55 matches found
CVE-2026-56047
Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.3 versions...
Astra Linux - уязвимость в python-urllib3
urllib3 is a HTTP client library for Python. The streaming API of urllib3 is designed for efficiently handling large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...
PT-2026-38407
Name of the Vulnerable Software and Affected Versions PyTorch Lightning versions 2.6.2 through 2.6.3 Description PyTorch Lightning, a deep learning framework used to pretrain and finetune AI models, contains compromised versions that include malicious code. This code introduces functionality...
CVE-2025-62845
CVE-2025-62845 describes an improper neutralization of escape, meta, or control sequences affecting QHora devices. The root cause is not elaborated beyond that description in the provided sources, but the vulnerability is triggered when a local attacker with administrator privileges can cause abn...
PT-2026-26633
Name of the Vulnerable Software and Affected Versions QHora versions prior to 2.6.3.009 Description An issue exists in QHora where an improper restriction of communication channels to intended endpoints can allow an attacker with physical access to gain elevated privileges. The issue was exploite...
CVE-2026-27811
CVE-2026-27811 affects the Roxy-WI web interface. Prior to version 8.2.6.3, a command injection exists in the /config/compare///show endpoint. The root cause is in app/modules/config/config.py on line 362, where user input is directly formatted into a template string that is eventually executed, ...
PT-2026-25962
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.3, a command injection vulnerability exists in the /config/compare///show endpoint, allowed authenticated users to execute arbitrary system commands on the app host. The vulnerability...
EulerOS 2.0 SP13 : python-urllib3 (EulerOS-SA-2026-1295)
According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by...
urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...
urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...
urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...
urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...
Fedora 42 : mingw-python-urllib3 (2026-2b6dfd7c83)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2b6dfd7c83 advisory. Update to 2.6.3, fixes CVE-2025-66471, CVE-2025-21441, CVE-2025-66418. Tenable has extracted the preceding description block directly from the Fedor...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: mingw-expat (UTSA-2026-004808)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004808 advisory. An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for mgroupSize on 32-bit platforms where UINTMAX equals...
CVE-2026-21441
CVE-2026-21441 (urllib3) : The issue occurs in urllib3’s streaming API where, for HTTP redirect responses, the client decompresses the entire response body even before any reads are issued, enabling potential resource exhaustion (CPU/memory) via decompression bombs. Affected versions are prior to...
CVE-2026-21441 urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...
GHSA-38JV-5279-WG99 Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)
Impact urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip,...
CVE-2025-11973 简数采集器 <= 2.6.3 - Authenticated (Admin+) Arbitrary File Read
The 简数采集器 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.6.3 via the kdsflag functionality that imports featured images. This makes it possible for authenticated attackers, with Adminstrator-level access and above, to read the contents of arbitra...
CVE-2025-52635
creationtimestamp| type| source ---|---|--- 2025-10-10 11:11:48+00:00| seen| Telegram/U6-OpfEB8PA8JmfNuGIjjqscc7fjmIVPnKg9RJrQefpg5Q...
CVE-2025-47213
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...