11 matches found
CVE-2026-31908
Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...
CVE-2026-31908 Apache APISIX: forward auth plugin allows header injection
Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...
CVE-2026-31908 Apache APISIX: forward auth plugin allows header injection
Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...
PT-2026-32601
Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...
PT-2026-31646
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pe page hash calc. When page hash processing is performed on a PE file, the function...
CVE-2026-27571
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS...
org.opensearch.dataprepper.plugins:otel-trace-group-processor (>=2.12.0 <=2.12.1) potentially affected by CVE-2025-62371 via org.opensearch.dataprepper.plugins:opensearch (>=2.12.0 <=2.12.1)
org.opensearch.dataprepper.plugins:opensearch MAVEN version =2.12.0, =2.12.0, =2.12.1 Source cves: CVE-2025-62371 Source advisory: SNYK:JAVA-ORGOPENSEARCHDATAPREPPERPLUGINS-13561982...
DEBIAN-CVE-2025-30164
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 vulnerability allows an attacker to craft a URL that, once visited by an authenticated user or one that is able to authenticate, allows to...
Smsot SQL Injection Vulnerability
Smsot is a professional community operation solution by China Motech Smsot. A SQL injection vulnerability exists in Smsot 2.12 and earlier versions, which stems from the parameter datasign in the file /api.php that can lead to SQL injection...
PT-2022-2681 · Pjsip +4 · Pjsip +4
Name of the Vulnerable Software and Affected Versions: PJSIP versions 2.12 and prior Description: The issue is related to a stack buffer overflow vulnerability in the PJSIP multimedia communication library, specifically affecting users of PJSUA2 or those who call the API endpoints pjmedia sdp pri...
Aprelium Abyss Web Server 缓冲区错误漏洞
Aprelium Abyss Web Server is a web server from the Tunisian company Aprelium. A security vulnerability exists in Aprelium Abyss Web Server X1 version 2.12.1 and version 2.14, which can be exploited by an attacker to potentially cause an out-of-bounds read via an HTTP request, which could result i...