Lucene search

12548 matches found

Positive Technologies
added 2026/04/24 12:00 a.m., 4 views

PT-2026-34847

Name of the Vulnerable Software and Affected Versions: basic-ftp versions prior to 5.3.0. Description: An issue in the Node.js FTP client allows for a denial of service via unbounded memory growth during the processing of directory listings from a remote FTP server. A malicious or compromised server...

CVSS 7.5 | AI score 5.3 | EPSS 0.00332
Exploits 1 | References 9

UbuntuCve
added 2026/04/23 10:16 p.m., 4 views

CVE-2026-2708

A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker...

CVSS 5.3 | AI score 5.8 | EPSS 0.00321
Exploits 1 | References 1

IBM Security Bulletins
added 2026/04/23 6:07 p.m., 3 views

Security Bulletin: Inadequate Pod Communication Restrictions, affects watsonx.data

Summary: A security vulnerability has been identified in IBM watsonx.data due to insufficient restrictions on inter-pod communication. This misconfiguration may allow unauthorized data transfer between pods within the environment. Vulnerability Details: CVE ID: CVE-2025-36180. Description: IBM Lakehou...

CVSS 7.5 | AI score 5.6 | EPSS 0.00186
Exploits 0 | Affected Software 1

SUSE Linux
added 2026/04/23 7:08 a.m., 2 views

Security update for libssh

This update for libssh fixes the following issues: CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049). CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045). CVE-2026-0966: buffer underflow in...

CVSS 6.9 | AI score 6.3 | EPSS 0.00631
Exploits 0 | References 24

NVD
added 2026/04/23 2:16 a.m., 1 view

CVE-2026-41180

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In...

CVSS 7.5 | EPSS 0.00307
Exploits 0 | References 3

SUSE CVE
added 2026/04/23 1:24 a.m., 2 views

SUSE CVE-2026-33611

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...

CVSS 6.5 | AI score 5.8 | EPSS 0.00423
Exploits 0 | References 3

ATTACKERKB
added 2026/04/23 12:10 a.m., 3 views

CVE-2026-41180

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In...

CVSS 7.5 | AI score 5.8 | EPSS 0.00307
Exploits 0 | References 4 | Affected Software 1

Vulnrichment
added 2026/04/23 12:10 a.m., 1 view

CVE-2026-41180 PsiTransfer: Upload PATCH path traversal can create `config.<NODE_ENV>.js` and lead to code execution on restart

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In...

CVSS 7.5 | AI score 5.8 | EPSS 0.00307
Exploits 0 | References 3

Cvelist
added 2026/04/23 12:10 a.m., 36 views

CVE-2026-41180 PsiTransfer: Upload PATCH path traversal can create `config.<NODE_ENV>.js` and lead to code execution on restart

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In...

CVSS 7.5 | EPSS 0.00307
Exploits 0 | References 3

CVE
added 2026/04/23 12:10 a.m., 11 views

CVE-2026-41180

Summary: PsiTransfer before 2.4.3 is vulnerable to a path traversal in the upload PATCH flow (/files/:uploadId). The attack can abuse the mismatch between the mounted request path and the downstream tus handler's decoded uploadId to let an unauthenticated attacker create a file named with a pattern like `config.<NODE_ENV>.js` ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00307
Exploits 0 | References 3

CNNVD
added 2026/04/23 12:00 a.m., 6 views

WebKitGTK security vulnerability

WebKitGTK is a full-featured port of the WebKit rendering engine developed by the WebKitGTK project. It is suitable for projects that require any type of web integration, including mixed HTML/CSS applications and mature web browsers. It offers all the features of WebKit and is suitable for various...

CVSS 4.7 | AI score 5.9 | EPSS 0.00233
Exploits 0 | References 2

OSV
added 2026/04/22 10:08 p.m., 5 views

MGASA-2026-0107 Updated gvfs packages fix security vulnerabilities

gvfs FTP backend: information disclosure via untrusted PASV responses (CVE-2026-28295). gvfs FTP backend: arbitrary FTP command injection via CRLF sequences in file paths (CVE-2026-28296)...

CVSS 4.3 | AI score 5.9 | EPSS 0.0036
Exploits 2 | References 4

EUVD
added 2026/04/22 7:54 p.m., 1 view

EUVD-2026-24576

free5GC AMF: Missing default case in Content-Type switch in HTTPUEContextTransfer...

CVSS 6.9 | AI score 5.7 | EPSS 0.00282
Exploits 1 | References 3

OSV
added 2026/04/22 7:54 p.m., 4 views

GHSA-R99V-75P9-XQM5 free5GC AMF: Missing default case in Content-Type switch in HTTPUEContextTransfer

Summary: The HTTPUEContextTransfer handler in internal/sbi/api_communication.go does not include a default case in the Content-Type switch statement. When a request arrives with an unsupported Content-Type, the deserialization step is silently skipped, err remains nil, and the processor is invoked...

CVSS 6.9 | AI score 5.8 | EPSS 0.00282
Exploits 1 | References 4

Github Security Blog
added 2026/04/22 7:54 p.m., 5 views

free5GC AMF: Missing default case in Content-Type switch in HTTPUEContextTransfer

Summary: The HTTPUEContextTransfer handler in internal/sbi/api_communication.go does not include a default case in the Content-Type switch statement. When a request arrives with an unsupported Content-Type, the deserialization step is silently skipped, err remains nil, and the processor is invoked...

CVSS 6.9 | AI score 5.8 | EPSS 0.00282
Exploits 1 | References 4 | Affected Software 1

Snyk
added 2026/04/22 5:06 p.m., 1 view

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication in the HTTP vhost routing process when routeByHTTPUser is used for access control. An attacker can gain unauthorized access to protected backend services by sending proxy-style requests that use a known or guesse...

CVSS 9.1 | AI score 5.5 | EPSS 0.00269
Exploits 1 | References 2

Snyk
added 2026/04/22 5:06 p.m., 5 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the SFTP authentication process when the server is configured with an empty username and a password using the -b ':pass' flag together with -sftp. An attacker can gain unauthorized access...

CVSS 9.8 | AI score 5.8 | EPSS 0.00478
Exploits 1 | References 2

Snyk
added 2026/04/22 5:06 p.m., 3 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the SFTP authentication process when the server is configured with an empty username and a password using the -b ':pass' flag together with -sftp. An attacker can gain unauthorized access...

CVSS 9.8 | AI score 5.6 | EPSS 0.00478
Exploits 1 | References 2

Github Security Blog
added 2026/04/22 2:37 p.m., 3 views

actix-http has HTTP/1.1 CL.TE Request Smuggling

A vulnerability in actix-http's HTTP/1.1 request parser allows an unauthenticated remote client to smuggle requests in deployments where a front-end HTTP intermediary and the Actix backend disagree about whether Content-Length or Transfer-Encoding: chunked defines the request body length. Severit...

AI score 5.8
Exploits 0 | References 4 | Affected Software 1

OSV
added 2026/04/22 2:37 p.m., 4 views

GHSA-XHJ4-VRGC-HR34 actix-http has HTTP/1.1 CL.TE Request Smuggling

A vulnerability in actix-http's HTTP/1.1 request parser allows an unauthenticated remote client to smuggle requests in deployments where a front-end HTTP intermediary and the Actix backend disagree about whether Content-Length or Transfer-Encoding: chunked defines the request body length. Severit...

CVSS 6.3 | AI score 5.8
Exploits 0 | References 4