115 matches found

NVD
added 2026/05/12 6:17 p.m. | 8 views

CVE-2026-42348

OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed. This coul...

CVSS 7.5 | EPSS 0.00017
Exploits 0 | References 2
AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux - vulnerability in libsoup2.4

A flaw was discovered in libsoup. The package is vulnerable to a heap buffer over-read issue when scanning content using the skip_insight_whitespace function. Libsoup clients may read one byte beyond the bounds of the memory area in response to a malicious HTTP response from an HTTP server...

CVSS 7 | AI score 7.2 | EPSS 0.00449
Exploits 1 | References 2
Positive Technologies
added 2026/04/29 12:0 a.m. | 3 views

PT-2026-37116

Name of the Vulnerable Software and Affected Versions: OpenTelemetry.Exporter.OneCollector versions prior to 1.15.1. Description: When exporting telemetry to a back-end or collector over HTTP, the HttpJsonPostTransport class reads the entire response body into memory without an upper bound if the...

CVSS 5.9 | AI score 5.8 | EPSS 0.00018
Exploits 0 | References 11
OSV
added 2026/04/23 3:10 p.m. | 3 views

JLSEC-2026-182

A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver...

CVSS 3.7 | AI score 5.8 | EPSS 0.00044
Exploits 0 | References 1
RedhatCVE
added 2026/04/01 10:51 p.m. | 2 views

CVE-2026-34519

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for Python. A remote attacker could exploit this vulnerability by controlling the 'reason' parameter during the creation of an HTTP response. This could allow the attacker to inject additional HTTP headers, potentially...

CVSS 6.9 | AI score 5.8 | EPSS 0.00053
Exploits 0 | References 6
EUVD
added 2026/03/28 12:30 p.m. | 4 views

EUVD-2026-16911

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack...

CVSS 6.8 | AI score 5.9 | EPSS 0.00146
Exploits 0 | References 7
OSV
added 2026/03/27 2:4 p.m. | 1 view

OESA-2026-1745 mongo-c-driver security update

mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB, and libbson, a library providing useful routines related to building, parsing, and iterating BSON documents. Security Fixes: A mongoc_bulk_operation_t may read invalid memory if large options a...

CVSS 6.9 | AI score 5.9 | EPSS 0.00044
Exploits 0 | References 3
NVD
added 2026/03/19 8:16 a.m. | 2 views

CVE-2024-42210

A Stored cross-site scripting XSS vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting also known as second-order or persistent XSS arises when an application receives data from an untrusted source and includes that data within its later HTTP...

CVSS 7.6 | EPSS 0.00041
Exploits 0 | References 2
CNNVD
added 2026/03/17 12:0 a.m. | 3 views

MongoDB C Driver security vulnerability

The MongoDB C Driver is an open-source driver developed by MongoDB, designed to connect to and operate MongoDB databases in C-language programs. There is a security vulnerability in the MongoDB C Driver, where applications using this driver may crash due to receiving malformed HTTP responses...

CVSS 3.7 | AI score 5.8 | EPSS 0.00044
Exploits 0 | References 2
CVE
added 2026/03/11 7:31 p.m. | 7 views

CVE-2026-31960

CVE-2026-31960 concerns Quill, which before 0.7.1 had an unbounded read of HTTP response bodies during the Apple notarization flow. The vulnerability can allow an attacker who can modify or forge API responses (e.g., via TLS-intercepting proxies or trust boundary violations) to feed an arbitraril...

CVSS 5.3 | AI score 5.8 | EPSS 0.00017
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2026/03/11 6:23 p.m. | 4 views

CVE-2019-25478 GetGo Download Manager 6.2.2.3300 Buffer Overflow DoS

GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make i...

CVSS 8.7 | AI score 6.1 | EPSS 0.00134
Exploits 0 | References 3
RedhatCVE
added 2026/03/05 1:57 a.m. | 3 views

CVE-2025-13616

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system...

CVSS 7.5 | AI score 5.9 | EPSS 0.00043
Exploits 0 | References 1
RedhatCVE
added 2026/03/04 1:56 a.m. | 0 views

CVE-2026-0689

In ExtremeCloud IQ – Site Engine XIQ‑SE before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns th...

CVSS 8.5 | AI score 6 | EPSS 0.00053
Exploits 0 | References 1
OSV
added 2026/03/03 8:16 p.m. | 1 view

CVE-2025-13616

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system...

CVSS 7.5 | AI score 5.8
Exploits 0 | References 1
NVD
added 2026/03/03 8:16 p.m. | 2 views

CVE-2025-13616

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system...

CVSS 7.5 | EPSS 0.00043
Exploits 0 | References 1
CVE
added 2026/03/03 7:53 p.m. | 5 views

CVE-2025-13616

Vulnerability: IBM DataStage on Cloud Pak for Data (DataStage on Cloud Pak for Data) versions 5.1.2–5.3.0 expose sensitive information in an HTTP response, enabling information disclosure. Root cause: HTTP response leakage of sensitive system information. Impact: confidentiality impact H with no ...

CVSS 7.5 | AI score 5.9 | EPSS 0.00043
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2026/03/03 12:0 a.m. | 1 view

IBM DataStage on Cloud Pak for Data security vulnerability

IBM DataStage on Cloud Pak for Data is an enterprise-level data integration solution provided by International Business Machines IBM. Versions 5.1.2 to 5.3.0 of IBM DataStage on Cloud Pak for Data contain security vulnerabilities. These vulnerabilities stem from the return of sensitive informatio...

CVSS 7.5 | AI score 5.8 | EPSS 0.00043
Exploits 0 | References 1
NVD
added 2026/03/02 4:16 p.m. | 1 view

CVE-2026-0689

In ExtremeCloud IQ – Site Engine XIQ‑SE before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns th...

CVSS 8.5 | EPSS 0.00053
Exploits 0 | References 1
Cvelist
added 2026/03/02 3:16 p.m. | 24 views

CVE-2026-0689 XIQ‑SE NAC Admin Credential Exposure via HTTP Response

In ExtremeCloud IQ – Site Engine XIQ‑SE before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns th...

CVSS 8.5 | EPSS 0.00053
Exploits 0 | References 1
EUVD
added 2026/03/02 3:16 p.m. | 2 views

EUVD-2026-9177

In ExtremeCloud IQ – Site Engine XIQ‑SE before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns th...

CVSS 8.5 | AI score 6 | EPSS 0.00053
Exploits 0 | References 1