PYSEC-2026-174

Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against Dag IDs by applying Python's str.lstrip to the requested path segment when verifying the JWT's sub...

CVE-2026-42845 Grav: Anonymous Page Content Overwrite via Form File Upload filename Override

The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0 , there is an unauthenticated page-content overwrite via file upload GHSA-w4rc-p66m-x6qq. Public form uploads now strip path components from the POST-supplied filename and hard-block page-content extensions md, yaml...

Grav CMS 安全漏洞

Grav CMS is an open-source file-based content management system developed by Grav. Versions of Grav CMS prior to 9.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of path stripping during file uploads and the failure to strictly prevent the extension of page...

CVE-2026-42246 net-imap vulnerable to STARTTLS stripping via invalid response timing

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...

CVE-2026-42246 net-imap vulnerable to STARTTLS stripping via invalid response timing

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...

Path Traversal

Mako is vulnerable to Path Traversal. The vulnerability is due to inconsistent slash-stripping behavior in TemplateLookup.gettemplate, where URIs beginning with // can bypass path restrictions and access arbitrary files outside the intended template directory, allowing disclosure of files readabl...

EUVD-2025-209688

HCL BigFix Service Management SM application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared...

AVideo has an Incomplete Fix for YPTSocket autoEvalCodeOnHTML Strip: Unauthenticated Cross-User JavaScript Execution via `$msg['json']` Relay Bypass

Summary The server-side mitigation for the YPTSocket autoEvalCodeOnHTML eval sink prior advisory GHSA-gph2-j4c9-vhhr, commit c08694bf6 only strips the payload when it sits under $json'msg', but the relay function msgToResourceId selects the outbound message from $msg'json' before $msg'msg'. An...

GHSA-VCGP-9326-PQCP net-imap vulnerable to STARTTLS stripping via invalid response timing

Summary A man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. Details When using Net::IMAPstarttls to upgrade a plaintext connection to use TLS, a man-in-the-middle attacker can inject a tagged OK response with an easily predictable tag. By sendi...

PT-2026-37183

Name of the Vulnerable Software and Affected Versions Net::IMAP versions prior to 0.3.10 Net::IMAP versions prior to 0.4.24 Net::IMAP versions prior to 0.5.14 Net::IMAP versions prior to 0.6.4 Description A man-in-the-middle attacker can cause the starttls function to return successfully without...

Astra Linux - уязвимость в ruby2.5, jruby

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...

USN-8193-1 libcap2 vulnerability

Ali Raza discovered that libcap incorrectly handled file capability updates. A local attacker could possibly use this issue to inject or strip capabilities into arbitrary executables and escalate privileges...

OESA-2026-1929 libcap security update

This is a library for getting and setting POSIX.1e formerly POSIX 6 draft 15 capabilities. Security Fixes: A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function. This allows an attacker with write access t...

GHSA-GWHP-PF74-VJ37 Fastify's connection header abuse enables stripping of proxy-added headers

Summary @fastify/reply-from and @fastify/http-proxy process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers like access control or identification headers from upstream requests by...

Fastify's connection header abuse enables stripping of proxy-added headers

Summary @fastify/reply-from and @fastify/http-proxy process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers like access control or identification headers from upstream requests by...

HTTP Header Injection

Overview @fastify/http-proxy is a proxy http requests, for Fastify Affected versions of this package are vulnerable to HTTP Header Injection via improper handling of the Connection header after proxy-added headers have been set. An attacker can remove headers intended for routing, access control,...

CVE-2026-33805 @fastify/reply-from vulnerable to connection header abuse enabling stripping of proxy-added headers

@fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers from upstream requests by listing them i...

CVE-2026-33805

@fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers from upstream requests by listing them i...