Cavid

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenProject versions prior to 17.2.0 **Description** OpenProject is an open-source, web-based project management software. Before version 17.2.0, deleting a budget did not perform a permission check before reassigning associated work packages to a different budget. This allowed all users of the application to delete work package budget assignments. The issue involves a bypass of the permission check during budget deletion, leading to unintended reassignment of work packages. **Recommendations** Update OpenProject to version 17.2.0 or later.

**Name of the Vulnerable Software and Affected Versions** libsoup versions 2.4.1-2.74.3 through 2.4.1-2.74.3-17.1 libsoup versions 3.0.0-3.6.6 through 3.0.0-3.6.6-1.1 **Description** The libsoup library contains flaws related to HTTP/1 request smuggling. Specifically, the `soup headers parse()` function improperly handles Content-Length (CL.CL) and Transfer-Encoding (TE+CL) header combinations, allowing for request smuggling primitives to be accepted. **Recommendations** Update libsoup to version 2.4.1-2.74.3-17.1 or later. Update libsoup to version 3.0.0-3.6.6-1.1 or later.

**Name of the Vulnerable Software and Affected Versions** Libsoup (affected versions not specified) **Description** The server-side digest authentication implementation within the `SoupAuthDomainDigest` class does not correctly manage issued nonces or enforce the necessary incremental `nonce-count` (`nc`) attribute. This allows a remote attacker to capture a single valid authentication header and replay it multiple times, bypassing authentication and gaining unauthorized access to protected resources while impersonating a legitimate user. A nonce is a random or pseudo-random value used to prevent replay attacks. The `nc` attribute is a counter that must increment with each authentication attempt to ensure the validity of the request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Versions (affected versions not specified) **Description** A misconfiguration of the Cross-Origin Resource Sharing (CORS) policy exists when the internal webserver is enabled. An attacker may be able to trick an administrator logged into the dashboard into visiting a malicious website, potentially allowing the extraction of information about the running configuration from the dashboard. CORS (Cross-Origin Resource Sharing) is a browser security mechanism that restricts web pages from making requests to a different domain than the one which served the web page. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to the fix for CVE-2026-24029 **Description** When the `early acl drop` (or `earlyACLDrop` in Lua) option is disabled, and a DNS over HTTPs frontend is utilizing the nghttp2 provider, the Access Control List (ACL) check is bypassed. This allows all clients to submit DNS over HTTPS (DoH) queries, irrespective of the configured ACL rules. The default setting for `early acl drop` is enabled. **Recommendations** Ensure the `early acl drop` option is enabled.