11 matches found
CVE-2026-6657
A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the allow_origin_pat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...
EUVD-2026-12683
Next.js: null origin can bypass dev HMR websocket CSRF checks...
USN-8062-2 curl vulnerabilities
USN-8062-1 fixed vulnerabilities in curl. This update provides the corresponding update for CVE-2025-14017, CVE-2025-15079, and CVE-2025-15224 for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that curl incorrectly handled...
EUVD-2024-0399
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-10148
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted...
Linux Distros Unpatched Vulnerability : CVE-2022-25762
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat...
Tenable.ad < 3.77.12 Multiple Vulnerabilities (TNS-2025-14)
The version of Tenable.ad installed on the remote host is prior to 3.77.12. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2025-14 advisory. - Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcu...
Linux Distros Unpatched Vulnerability : CVE-2010-1766
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt...
RHEL 9 : mod_http2 (RHSA-2024:8680)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:8680 advisory. The mod_h2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: mod_http2: DoS by null...
Wire Trust Management Issue Vulnerability
Wire is a chat software by an individual developer. The software supports Web, Windows, iOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos as well as its original greeting method PING. A security vulnerability exists in Wire that stems from a request...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.0 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...