5188 matches found
CVE-2026-53232
In the Linux kernel, this CVE covers a fix in net: phy: clean the sfp upstream if phy probing fails. Sashiko noted that sfp_bus_del_upstream() was not invoked on probe failure, leaving the sfp-bus with a dangling upstream field that could be used later during SFP events. The issue predates the ge...
EUVD-2026-39323
In the Linux kernel, the following vulnerability has been resolved: net: phy: clean the sfp upstream if phy probing fails Sashiko reported that we don't call sfpbusdelupstream in the probe failure path, so let's add it, otherwise the sfp-bus is left with a dangling 'upstream' field, that may be...
CVE-2026-53538
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only...
DEBIAN-CVE-2026-53537
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parseoptionsheader parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename=charset'lang'value, name=...,...
DEBIAN-CVE-2026-53538
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only...
CVE-2026-53537
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parseoptionsheader parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename=charset'lang'value, name=...,...
CVE-2026-53538 Python-Multipart: Semicolon treated as querystring field separator enables parameter smuggling
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only...
CVE-2026-12031
The following flaw was identified in the Chromium browser: Inappropriate implementation Views. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=518045638...
CVE-2026-12032
The following flaw was identified in the Chromium browser: Inappropriate implementation Passwords. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=518128953...
CVE-2026-12028
The following flaw was identified in the Chromium browser: Use after free GPU. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517555461...
CVE-2026-12026
The following flaw was identified in the Chromium browser: Out of bounds read Video. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517347084...
CVE-2026-12030
The following flaw was identified in the Chromium browser: Heap buffer overflow GPU. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=518007423...
CVE-2026-12024
The following flaw was identified in the Chromium browser: Insufficient policy enforcement DevTools. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517086161...
CVE-2026-12019
The following flaw was identified in the Chromium browser: Out of bounds write Codecs. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=516872067...
MAL-2026-6214 Malicious code in @chunklab/hexparse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56ad779454aa221e4a3d5a13725428059b40edd7cd8a4329ef382348bc493013 Package advertises itself as a small hex/base64/endianness codec library, but every exported encode/decode function encodeHex, decodeHex,...
Malicious code in @chunklab/hexparse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56ad779454aa221e4a3d5a13725428059b40edd7cd8a4329ef382348bc493013 Package advertises itself as a small hex/base64/endianness codec library, but every exported encode/decode function encodeHex, decodeHex,...
EUVD-2026-37769
undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse...
GHSA-35P6-XMWP-9G52 undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse
Impact Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...
EUVD-2026-38020
Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This could allow the attacker to assume higher privileges on the upstream service. This issue affects Apache APISIX:...
CVE-2026-12464
An use after free flaw was found in the Browser component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=519358344...