12607 matches found

Tenable Nessus
added 2026/01/16 12:0 a.m. | 6 views

MiracleLinux 4 : java-1.8.0-openjdk-1.8.0.151-1.b12.AXS4 (AXSA:2017-2337:08)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2337:08 advisory. Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to...

CVSS 9.6 | AI score 6.8 | EPSS 0.16181
Exploits: 2 | References: 15
Vulnrichment
added 2026/01/15 11:25 p.m. | 4 views

CVE-2021-47794 ZesleCP 3.1.9 - Remote Code Execution (RCE) (Authenticated)

ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a reverse shell command that establishes a network connection to a...

CVSS 8.8 | AI score 8 | EPSS 0.00906
Exploits: 1 | References: 4
CVE
added 2026/01/15 11:25 p.m. | 12 views

CVE-2021-47794

CVE-2021-47794 affects ZesleCP 3.1.9. An authenticated attacker can exploit the FTP account creation endpoint to inject a reverse shell command, enabling remote code execution via shell injection in the created FTP accounts. The vulnerability is network-based with low attack complexity and requir...

CVSS 8.8 | AI score 8 | EPSS 0.00906
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2026/01/15 8:16 p.m. | 5 views

CVE-2026-23527

H3 is a minimal HTTP framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this heade...

CVSS 9.8 | EPSS 0.00576
Exploits: 1 | References: 4
Github Security Blog
added 2026/01/15 8:10 p.m. | 10 views

h3 v1 has Request Smuggling (TE.TE) issue

I was digging into h3 v1 specifically v1.15.4 and found a critical HTTP Request Smuggling vulnerability. Basically, readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this header should be case-insensitive. The...

CVSS 9.8 | AI score 6.9 | EPSS 0.00576
Exploits: 1 | References: 6 | Affected Software: 1
OSV
added 2026/01/15 8:10 p.m. | 5 views

GHSA-MP2G-9VG9-F4CG h3 v1 has Request Smuggling (TE.TE) issue

I was digging into h3 v1 specifically v1.15.4 and found a critical HTTP Request Smuggling vulnerability. Basically, readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this header should be case-insensitive. The...

CVSS 8.9 | AI score 5.9 | EPSS 0.00576
Exploits: 1 | References: 6
Snyk
added 2026/01/15 7:24 p.m. | 1 views

HTTP Request Smuggling

Overview: org.webjars.npm:h3 is a minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to HTTP Request Smuggling via improper parsing of the Transfer-Encoding header in the readRawBody function. An attacker can bypass security controls...

CVSS 9.8 | AI score 6.8 | EPSS 0.00576
Exploits: 1 | References: 2
Snyk
added 2026/01/15 7:24 p.m. | 2 views

HTTP Request Smuggling

Overview: h3 is a minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to HTTP Request Smuggling via improper parsing of the Transfer-Encoding header in the readRawBody function. An attacker can bypass security controls and poison web...

CVSS 9.8 | AI score 6.8 | EPSS 0.00576
Exploits: 1 | References: 2
EUVD
added 2026/01/15 7:24 p.m. | 3 views

EUVD-2026-2737

H3 is a minimal HTTP framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this heade...

CVSS 8.9 | AI score 6.3 | EPSS 0.00576
Exploits: 1 | References: 4
ATTACKERKB
added 2026/01/15 7:24 p.m. | 5 views

CVE-2026-23527

H3 is a minimal HTTP framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this heade...

CVSS 9.8 | AI score 5.6 | EPSS 0.00576
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/01/15 7:24 p.m. | 5 views

CVE-2026-23527 h3 v1 has Request Smuggling (TE.TE) issue

H3 is a minimal HTTP framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this heade...

CVSS 8.9 | AI score 5.8 | EPSS 0.00576
Exploits: 1 | References: 4
Cvelist
added 2026/01/15 7:24 p.m. | 23 views

CVE-2026-23527 h3 v1 has Request Smuggling (TE.TE) issue

H3 is a minimal HTTP framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this heade...

CVSS 8.9 | EPSS 0.00576
Exploits: 1 | References: 4
CVE
added 2026/01/15 7:24 p.m. | 42 views

CVE-2026-23527

CVE-2026-23527 affects the h3 HTTP framework (pre-1.15.5). The vulnerability is in readRawBody, which performs a strict case-sensitive check for the Transfer-Encoding header and looks for the literal value “chunked.” Because the RFC requires case-insensitive handling, an attacker can craft a request ...

CVSS 9.8 | AI score 6.4 | EPSS 0.00576
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2026/01/15 7:24 p.m. | 11 views

CVE-2026-23527 Request Smuggling (TE.TE) in h3 v1

H3 is a minimal HTTP framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this heade...

CVSS 8.9 | AI score 6.7 | EPSS 0.00576
Exploits: 1 | References: 4
OSV
added 2026/01/15 10:9 a.m. | 5 views

RHSA-2026:0606 Red Hat Security Advisory: vsftpd security update

Bulletin has no description...

CVSS 6.5 | AI score 6.9 | EPSS 0.00737
Exploits: 0 | References: 7
OSV
added 2026/01/15 9:11 a.m. | 5 views

RLSA-2026:0608 Moderate: vsftpd security update

The vsftpd packages include a Very Secure File Transfer Protocol (FTP) daemon, which is used to serve files over a network. Security Fixes: vsftpd: Denial of service via integer overflow in ls command parameter parsing (CVE-2025-14242). For more details about the security issues, including the...

CVSS 6.5 | AI score 7.2 | EPSS 0.00737
Exploits: 0 | References: 2
Microsoft CVE
added 2026/01/15 9:2 a.m. | 2 views

media: vidtv: initialize local pointers upon transfer of memory ownership

...

AI score 5.3 | EPSS 0.00173
Exploits: 0
CNNVD
added 2026/01/15 12:0 a.m. | 4 views

H3 Environmental Issues and Vulnerabilities

H3 is an open-source HTTP framework developed by H3. Versions prior to H3 1.15.5 contained an environmental issue vulnerability. This vulnerability stemmed from the strict case-sensitive handling of the Transfer-Encoding header, which could lead to HTTP request payload attacks...

CVSS 9.8 | AI score 5.8 | EPSS 0.00576
Exploits: 1 | References: 2
Positive Technologies
added 2026/01/15 12:0 a.m. | 10 views

PT-2026-3098

Name of the Vulnerable Software and Affected Versions: H3 versions prior to 1.15.5. Description: H3 is a minimal HTTP framework designed for high performance and portability. A critical HTTP Request Smuggling issue exists due to a case-sensitive check for the 'Transfer-Encoding' header within the...

CVSS 8.9 | AI score 6.7 | EPSS 0.00576
Exploits: 1 | References: 12
Tenable Nessus
added 2026/01/15 12:0 a.m. | 6 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002625)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002625 advisory. An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated...

CVSS 6.7 | AI score 6.5 | EPSS 0.00417
Exploits: 0 | References: 8