75 matches found
CVE-2026-54278
CVE-2026-54278 affects the AIOHTTP framework for Python. Prior to 3.14.1, during cleanup a compressed request body could be decompressed in memory in one chunk, potentially enabling a DoS via a zip-bomb scenario. Impact is described as high for availability and no confidentiality/integrity impact...
SUSE CVE-2026-11611
A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...
EUVD-2026-35129
A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...
SUSE CVE-2026-31842
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
SUSE CVE-2026-34441
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...
CVE-2026-34441
A flaw was found in cpp-httplib, a C++11 HTTP/HTTPS library. This vulnerability, known as HTTP Request Smuggling, allows a remote attacker to embed an arbitrary HTTP request within the body of a GET request. The server's static file handler fails to consume the entire request body, leaving unread...
CVE-2026-34441
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...
DEBIAN-CVE-2026-34441
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...
CVE-2026-34441
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...
UBUNTU-CVE-2026-34441
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...
CVE-2026-34441
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...
EUVD-2026-17672
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...
PT-2026-29373
Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.40.0 Description cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread body...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002626)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002626 advisory. fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service memory consumption ...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002692)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002692 advisory. fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service memory consumption ...
SUSE CVE-2025-68186
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not warn in ringbuffermapgetreader when reader catches up The function ringbuffermapgetreader is a bit more strict than the other get reader functions, and except for certain situations the rbgetreaderpage should...
CVE-2025-11452
The Asgaros Forum plugin for WordPress is vulnerable to SQL Injection via the '$COOKIE'asgarosforumunreadexclude'' cookie in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...
CVE-2025-11452 Asgaros Forum <= 3.1.0 - Unauthenticated SQL Injection
The Asgaros Forum plugin for WordPress is vulnerable to SQL Injection via the '$COOKIE'asgarosforumunreadexclude'' cookie in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...
EUVD-2020-19169
Malware in sbrugna...
EUVD-2023-50095
Malicious code in bioql PyPI...