24h | 7d | 30d

CVE-2026-44431

Overview

  • urllib3
  • urllib3
13 May 2026
Published
13 May 2026
Updated
CVSS v4.0
HIGH (8.2)
EPSS
0.04%
KEV

Description

urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.

Statistics

  • 1 Post
  • 3 Interactions
Last activity: 7 hours ago

Fediverse

Profile picture fallback
Seth Grover @mmguero

Malcolm v26.05.1 is out?!? What, already? DΓ©jΓ  vu? We bumped up to the timetable on this release as a critical vulnerability found in NGINX made it expedient for us to do so.

Malcolm v26.05.1 focuses heavily on security updates, most notably upgrading OpenResty to address a critical NGINX remote code execution heap buffer overflow vulnerability. It also adds new Suricata OT detections for D-Link HNAP abuse, improves alerting webhook support, introduces the File Tree dashboard, and includes Suricata parsing/mapping fixes and documentation updates. Several other components received version bumps as well.

If you are upgrading from an existing Malcolm installation, run ./scripts/status for Malcolm to migrate some settings prior to running ./scripts/configure, ./scripts/start, or other Malcolm control scripts.

github.com/idaholab/Malcolm/co

  • ✨ Features and enhancements
  • βœ… Component version updates
  • πŸ› Bug fixes
    • Reference Counting (Use-After-Free) Bug for PyList_SetItem in filescan's python-statfs (#960 #962)
    • Added a few missing Suricata fields (suricata.tc_progress, suricata.ts_progress, suricata.tunnel.pcap_cnt, suricata.tunnel.pkt_src) to the index mapping template
    • When suricata.app_proto_ts and/or suricata.app_proto_tc reported that protocol parsing had failed (due to malformed input data), invalid data could be stored in HTTP, DNS, and/or TLS fields. This is now detected and those invalid values are dropped, and some combination of proto_parse_failed, client_stream_failed, or server_stream_failed are added to tags.
    • Suricata's HTTP version was not being normalized to network.protocol_version.
  • 🧹 Code and project maintenance

Malcolm is a powerful, easily deployable network πŸ–§ traffic analysis tool suite for network security monitoring πŸ•΅πŸ»β€β™€οΈ.

Malcolm operates as a cluster of containers πŸ“¦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker πŸ‹, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

Alternatively, dedicated official ISO installer images πŸ’Ώ for Malcolm and Hedgehog Linux πŸ¦” can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split πŸͺ“ into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell πŸͺŸ (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

As always, join us on the Malcolm discussions board πŸ’¬ to engage with the community, or pop some corn 🍿 and watch a video πŸ“Ό.

  • 2
  • 1
  • 0
  • 7h ago

CVE-2026-27651

Overview

  • F5
  • NGINX Open Source
24 Mar 2026
Published
24 Mar 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.04%
KEV

Description

When the ngx_mail_auth_http_moduleΒ module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

  • 1 Post
  • 3 Interactions
Last activity: 7 hours ago

Fediverse

Profile picture fallback
Seth Grover @mmguero

Malcolm v26.05.1 is out?!? What, already? DΓ©jΓ  vu? We bumped up to the timetable on this release as a critical vulnerability found in NGINX made it expedient for us to do so.

Malcolm v26.05.1 focuses heavily on security updates, most notably upgrading OpenResty to address a critical NGINX remote code execution heap buffer overflow vulnerability. It also adds new Suricata OT detections for D-Link HNAP abuse, improves alerting webhook support, introduces the File Tree dashboard, and includes Suricata parsing/mapping fixes and documentation updates. Several other components received version bumps as well.

If you are upgrading from an existing Malcolm installation, run ./scripts/status for Malcolm to migrate some settings prior to running ./scripts/configure, ./scripts/start, or other Malcolm control scripts.

github.com/idaholab/Malcolm/co

  • ✨ Features and enhancements
  • βœ… Component version updates
  • πŸ› Bug fixes
    • Reference Counting (Use-After-Free) Bug for PyList_SetItem in filescan's python-statfs (#960 #962)
    • Added a few missing Suricata fields (suricata.tc_progress, suricata.ts_progress, suricata.tunnel.pcap_cnt, suricata.tunnel.pkt_src) to the index mapping template
    • When suricata.app_proto_ts and/or suricata.app_proto_tc reported that protocol parsing had failed (due to malformed input data), invalid data could be stored in HTTP, DNS, and/or TLS fields. This is now detected and those invalid values are dropped, and some combination of proto_parse_failed, client_stream_failed, or server_stream_failed are added to tags.
    • Suricata's HTTP version was not being normalized to network.protocol_version.
  • 🧹 Code and project maintenance

Malcolm is a powerful, easily deployable network πŸ–§ traffic analysis tool suite for network security monitoring πŸ•΅πŸ»β€β™€οΈ.

Malcolm operates as a cluster of containers πŸ“¦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker πŸ‹, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

Alternatively, dedicated official ISO installer images πŸ’Ώ for Malcolm and Hedgehog Linux πŸ¦” can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split πŸͺ“ into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell πŸͺŸ (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

As always, join us on the Malcolm discussions board πŸ’¬ to engage with the community, or pop some corn 🍿 and watch a video πŸ“Ό.

  • 2
  • 1
  • 0
  • 7h ago

CVE-2026-42284

Overview

  • gitpython-developers
  • GitPython
07 May 2026
Published
09 May 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.06%
KEV

Description

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation (starts with --branch), but after split becomes ["--branch", "main", "--config", "core.hooksPath=/x"]. Git applies the config and executes attacker hooks during clone. This issue has been patched in version 3.1.47.

Statistics

  • 1 Post
  • 3 Interactions
Last activity: 7 hours ago

Fediverse

Profile picture fallback
Seth Grover @mmguero

Malcolm v26.05.1 is out?!? What, already? DΓ©jΓ  vu? We bumped up to the timetable on this release as a critical vulnerability found in NGINX made it expedient for us to do so.

Malcolm v26.05.1 focuses heavily on security updates, most notably upgrading OpenResty to address a critical NGINX remote code execution heap buffer overflow vulnerability. It also adds new Suricata OT detections for D-Link HNAP abuse, improves alerting webhook support, introduces the File Tree dashboard, and includes Suricata parsing/mapping fixes and documentation updates. Several other components received version bumps as well.

If you are upgrading from an existing Malcolm installation, run ./scripts/status for Malcolm to migrate some settings prior to running ./scripts/configure, ./scripts/start, or other Malcolm control scripts.

github.com/idaholab/Malcolm/co

  • ✨ Features and enhancements
  • βœ… Component version updates
  • πŸ› Bug fixes
    • Reference Counting (Use-After-Free) Bug for PyList_SetItem in filescan's python-statfs (#960 #962)
    • Added a few missing Suricata fields (suricata.tc_progress, suricata.ts_progress, suricata.tunnel.pcap_cnt, suricata.tunnel.pkt_src) to the index mapping template
    • When suricata.app_proto_ts and/or suricata.app_proto_tc reported that protocol parsing had failed (due to malformed input data), invalid data could be stored in HTTP, DNS, and/or TLS fields. This is now detected and those invalid values are dropped, and some combination of proto_parse_failed, client_stream_failed, or server_stream_failed are added to tags.
    • Suricata's HTTP version was not being normalized to network.protocol_version.
  • 🧹 Code and project maintenance

Malcolm is a powerful, easily deployable network πŸ–§ traffic analysis tool suite for network security monitoring πŸ•΅πŸ»β€β™€οΈ.

Malcolm operates as a cluster of containers πŸ“¦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker πŸ‹, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

Alternatively, dedicated official ISO installer images πŸ’Ώ for Malcolm and Hedgehog Linux πŸ¦” can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split πŸͺ“ into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell πŸͺŸ (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

As always, join us on the Malcolm discussions board πŸ’¬ to engage with the community, or pop some corn 🍿 and watch a video πŸ“Ό.

  • 2
  • 1
  • 0
  • 7h ago

CVE-2026-44243

Overview

  • gitpython-developers
  • GitPython
07 May 2026
Published
07 May 2026
Updated
CVSS v4.0
HIGH (7.8)
EPSS
0.11%
KEV

Description

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and delete operations. This issue has been patched in version 3.1.48.

Statistics

  • 1 Post
  • 3 Interactions
Last activity: 7 hours ago

Fediverse

Profile picture fallback
Seth Grover @mmguero

Malcolm v26.05.1 is out?!? What, already? DΓ©jΓ  vu? We bumped up to the timetable on this release as a critical vulnerability found in NGINX made it expedient for us to do so.

Malcolm v26.05.1 focuses heavily on security updates, most notably upgrading OpenResty to address a critical NGINX remote code execution heap buffer overflow vulnerability. It also adds new Suricata OT detections for D-Link HNAP abuse, improves alerting webhook support, introduces the File Tree dashboard, and includes Suricata parsing/mapping fixes and documentation updates. Several other components received version bumps as well.

If you are upgrading from an existing Malcolm installation, run ./scripts/status for Malcolm to migrate some settings prior to running ./scripts/configure, ./scripts/start, or other Malcolm control scripts.

github.com/idaholab/Malcolm/co

  • ✨ Features and enhancements
  • βœ… Component version updates
  • πŸ› Bug fixes
    • Reference Counting (Use-After-Free) Bug for PyList_SetItem in filescan's python-statfs (#960 #962)
    • Added a few missing Suricata fields (suricata.tc_progress, suricata.ts_progress, suricata.tunnel.pcap_cnt, suricata.tunnel.pkt_src) to the index mapping template
    • When suricata.app_proto_ts and/or suricata.app_proto_tc reported that protocol parsing had failed (due to malformed input data), invalid data could be stored in HTTP, DNS, and/or TLS fields. This is now detected and those invalid values are dropped, and some combination of proto_parse_failed, client_stream_failed, or server_stream_failed are added to tags.
    • Suricata's HTTP version was not being normalized to network.protocol_version.
  • 🧹 Code and project maintenance

Malcolm is a powerful, easily deployable network πŸ–§ traffic analysis tool suite for network security monitoring πŸ•΅πŸ»β€β™€οΈ.

Malcolm operates as a cluster of containers πŸ“¦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker πŸ‹, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

Alternatively, dedicated official ISO installer images πŸ’Ώ for Malcolm and Hedgehog Linux πŸ¦” can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split πŸͺ“ into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell πŸͺŸ (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

As always, join us on the Malcolm discussions board πŸ’¬ to engage with the community, or pop some corn 🍿 and watch a video πŸ“Ό.

  • 2
  • 1
  • 0
  • 7h ago

CVE-2026-1642

Overview

  • F5
  • NGINX Open Source
04 Feb 2026
Published
05 Feb 2026
Updated
CVSS v3.1
MEDIUM (5.9)
EPSS
0.02%
KEV

Description

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server sideβ€”along with conditions beyond the attacker's controlβ€”may be able to inject plain text data into the response from an upstream proxied server.Β Β Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

  • 1 Post
  • 3 Interactions
Last activity: 7 hours ago

Fediverse

Profile picture fallback
Seth Grover @mmguero

Malcolm v26.05.1 is out?!? What, already? DΓ©jΓ  vu? We bumped up to the timetable on this release as a critical vulnerability found in NGINX made it expedient for us to do so.

Malcolm v26.05.1 focuses heavily on security updates, most notably upgrading OpenResty to address a critical NGINX remote code execution heap buffer overflow vulnerability. It also adds new Suricata OT detections for D-Link HNAP abuse, improves alerting webhook support, introduces the File Tree dashboard, and includes Suricata parsing/mapping fixes and documentation updates. Several other components received version bumps as well.

If you are upgrading from an existing Malcolm installation, run ./scripts/status for Malcolm to migrate some settings prior to running ./scripts/configure, ./scripts/start, or other Malcolm control scripts.

github.com/idaholab/Malcolm/co

  • ✨ Features and enhancements
  • βœ… Component version updates
  • πŸ› Bug fixes
    • Reference Counting (Use-After-Free) Bug for PyList_SetItem in filescan's python-statfs (#960 #962)
    • Added a few missing Suricata fields (suricata.tc_progress, suricata.ts_progress, suricata.tunnel.pcap_cnt, suricata.tunnel.pkt_src) to the index mapping template
    • When suricata.app_proto_ts and/or suricata.app_proto_tc reported that protocol parsing had failed (due to malformed input data), invalid data could be stored in HTTP, DNS, and/or TLS fields. This is now detected and those invalid values are dropped, and some combination of proto_parse_failed, client_stream_failed, or server_stream_failed are added to tags.
    • Suricata's HTTP version was not being normalized to network.protocol_version.
  • 🧹 Code and project maintenance

Malcolm is a powerful, easily deployable network πŸ–§ traffic analysis tool suite for network security monitoring πŸ•΅πŸ»β€β™€οΈ.

Malcolm operates as a cluster of containers πŸ“¦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker πŸ‹, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

Alternatively, dedicated official ISO installer images πŸ’Ώ for Malcolm and Hedgehog Linux πŸ¦” can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split πŸͺ“ into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell πŸͺŸ (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

As always, join us on the Malcolm discussions board πŸ’¬ to engage with the community, or pop some corn 🍿 and watch a video πŸ“Ό.

  • 2
  • 1
  • 0
  • 7h ago

CVE-2026-44244

Overview

  • gitpython-developers
  • GitPython
07 May 2026
Published
09 May 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.02%
KEV

Description

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. GitPython's own _write() converts embedded newlines into indented continuation lines (e.g. \n becomes \n\t), but Git still accepts an indented [core] stanza as a section header β€” so the injected core.hooksPath becomes effective configuration. Any Git operation that invokes hooks (commit, merge, checkout) will then execute scripts from the attacker-controlled path. This issue has been patched in version 3.1.49.

Statistics

  • 1 Post
  • 3 Interactions
Last activity: 7 hours ago

Fediverse

Profile picture fallback
Seth Grover @mmguero

Malcolm v26.05.1 is out?!? What, already? DΓ©jΓ  vu? We bumped up to the timetable on this release as a critical vulnerability found in NGINX made it expedient for us to do so.

Malcolm v26.05.1 focuses heavily on security updates, most notably upgrading OpenResty to address a critical NGINX remote code execution heap buffer overflow vulnerability. It also adds new Suricata OT detections for D-Link HNAP abuse, improves alerting webhook support, introduces the File Tree dashboard, and includes Suricata parsing/mapping fixes and documentation updates. Several other components received version bumps as well.

If you are upgrading from an existing Malcolm installation, run ./scripts/status for Malcolm to migrate some settings prior to running ./scripts/configure, ./scripts/start, or other Malcolm control scripts.

github.com/idaholab/Malcolm/co

  • ✨ Features and enhancements
  • βœ… Component version updates
  • πŸ› Bug fixes
    • Reference Counting (Use-After-Free) Bug for PyList_SetItem in filescan's python-statfs (#960 #962)
    • Added a few missing Suricata fields (suricata.tc_progress, suricata.ts_progress, suricata.tunnel.pcap_cnt, suricata.tunnel.pkt_src) to the index mapping template
    • When suricata.app_proto_ts and/or suricata.app_proto_tc reported that protocol parsing had failed (due to malformed input data), invalid data could be stored in HTTP, DNS, and/or TLS fields. This is now detected and those invalid values are dropped, and some combination of proto_parse_failed, client_stream_failed, or server_stream_failed are added to tags.
    • Suricata's HTTP version was not being normalized to network.protocol_version.
  • 🧹 Code and project maintenance

Malcolm is a powerful, easily deployable network πŸ–§ traffic analysis tool suite for network security monitoring πŸ•΅πŸ»β€β™€οΈ.

Malcolm operates as a cluster of containers πŸ“¦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker πŸ‹, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

Alternatively, dedicated official ISO installer images πŸ’Ώ for Malcolm and Hedgehog Linux πŸ¦” can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split πŸͺ“ into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell πŸͺŸ (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

As always, join us on the Malcolm discussions board πŸ’¬ to engage with the community, or pop some corn 🍿 and watch a video πŸ“Ό.

  • 2
  • 1
  • 0
  • 7h ago

CVE-2026-28753

Overview

  • F5
  • NGINX Open Source
24 Mar 2026
Published
24 Mar 2026
Updated
CVSS v3.1
LOW (3.7)
EPSS
0.02%
KEV

Description

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

  • 1 Post
  • 3 Interactions
Last activity: 7 hours ago

Fediverse

Profile picture fallback
Seth Grover @mmguero

Malcolm v26.05.1 is out?!? What, already? DΓ©jΓ  vu? We bumped up to the timetable on this release as a critical vulnerability found in NGINX made it expedient for us to do so.

Malcolm v26.05.1 focuses heavily on security updates, most notably upgrading OpenResty to address a critical NGINX remote code execution heap buffer overflow vulnerability. It also adds new Suricata OT detections for D-Link HNAP abuse, improves alerting webhook support, introduces the File Tree dashboard, and includes Suricata parsing/mapping fixes and documentation updates. Several other components received version bumps as well.

If you are upgrading from an existing Malcolm installation, run ./scripts/status for Malcolm to migrate some settings prior to running ./scripts/configure, ./scripts/start, or other Malcolm control scripts.

github.com/idaholab/Malcolm/co

  • ✨ Features and enhancements
  • βœ… Component version updates
  • πŸ› Bug fixes
    • Reference Counting (Use-After-Free) Bug for PyList_SetItem in filescan's python-statfs (#960 #962)
    • Added a few missing Suricata fields (suricata.tc_progress, suricata.ts_progress, suricata.tunnel.pcap_cnt, suricata.tunnel.pkt_src) to the index mapping template
    • When suricata.app_proto_ts and/or suricata.app_proto_tc reported that protocol parsing had failed (due to malformed input data), invalid data could be stored in HTTP, DNS, and/or TLS fields. This is now detected and those invalid values are dropped, and some combination of proto_parse_failed, client_stream_failed, or server_stream_failed are added to tags.
    • Suricata's HTTP version was not being normalized to network.protocol_version.
  • 🧹 Code and project maintenance

Malcolm is a powerful, easily deployable network πŸ–§ traffic analysis tool suite for network security monitoring πŸ•΅πŸ»β€β™€οΈ.

Malcolm operates as a cluster of containers πŸ“¦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker πŸ‹, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

Alternatively, dedicated official ISO installer images πŸ’Ώ for Malcolm and Hedgehog Linux πŸ¦” can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split πŸͺ“ into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell πŸͺŸ (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

As always, join us on the Malcolm discussions board πŸ’¬ to engage with the community, or pop some corn 🍿 and watch a video πŸ“Ό.

  • 2
  • 1
  • 0
  • 7h ago
Showing 61 to 67 of 67 CVEs