CVE-2026-25223 Fastify's Content-Type header tab character allows body validation bypass

Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character \t followed by arbitrary content ...

Vulnerabilities fixed in Nagios XI

Nagios has fixed vulnerabilities in Nagios XI Specific to version 2024R1.2.2. The vulnerability is in the way Nagios XI handles user information, allowing unauthenticated users to access usernames and e-mail addresses of all current users. This can lead to unauthorized access and exploitation of...

python: urllib.parse does not sanitize URLs containing ASCII newline and tabs

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...