Lucene search

9 matches found

OSV
added 2026/01/10 12:20 a.m., 2 views

CVE-2026-22025 CryptoLib Memory Leak on HTTP Error Response in KMC Client

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, when the KMC server returns a non-200 HTTP...

6.3 CVSS, 6.8 AI score, 0.00028 EPSS
Exploits: 1, References: 5
CVE
added 2024/09/06 3:17 p.m., 48 views

CVE-2024-8509

CVE-2024-8509 affects Red Hat Migration Toolkit for Virtualization (Migration toolkit for virtualization) via the Forklift Controller component. The issue arises because Forklift Controller does not properly validate the Authorization header beyond requiring bearer authentication; without a token...

7.5 CVSS, 7.5 AI score, 0.00075 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2024/09/06 1:16 p.m., 10 views

CVE-2024-8509

A vulnerability was found in Forklift Controller. There is no verification against the authorization header except to ensure it uses bearer authentication. Without an Authorization header and some form of a Bearer token, a 401 error occurs. The presence of a token value provides a 200 response wi...

7.5 CVSS, 7.4 AI score, 0.00075 EPSS
Exploits: 0, References: 3
OSV
added 2020/04/16 3:14 a.m., 1 views

GHSA-PC5P-H8PF-MVWP Machine-In-The-Middle in https-proxy-agent

Versions of https-proxy-agent prior to 2.2.3 are vulnerable to Machine-In-The-Middle. The package fails to enforce TLS on the socket if the proxy server responds to the request with an HTTP status different than 200. This allows an attacker with access to the proxy server to intercept...

6.1 CVSS, 5.9 AI score
Exploits: 0, References: 4
Atlassian
added 2018/11/12 5:12 p.m., 18 views

Security clean up /plugins/servlet/Wallboard.old 200 response

A low risk Path-Based Vulnerability exists at /plugins/servlet/Wallboard.old. Stylesheets and basic html page load for page that should not exist/deprecated...

0.4 AI score
Exploits: 0, Affected Software: 1
Hacker One
added 2016/02/13 4:31 a.m., 92 views

HackerOne: Null byte injection

Hi, I would like to report an issue that I have noticed in https://hackerone.com/users/signin?invitationtoken= . I am not sure if this is a valid security issue, but I have decided to report it anyway and see what you guys think. Details: - When you go to...

6.7 AI score
Exploits: 0
Packet Storm
added 2013/05/28 12:0 a.m., 182 views

HP LaserJet Pro P1606dn Password Reset

!/usr/bin/python Exploit Title: HP LaserJet Pro P1606dn Webadmin password reset Date: 20.05.2013 Exploit Author: m3tamantra http://m3tamantra.wordpress.com/blog Vendor Homepage: http://www8.hp.com/de/de/products/printers/product-detail.html?oid=4110411 Firmware Date: 20100223 import urllib2 ip =...

7.4 AI score
Exploits: 0
OpenVAS
added 2009/06/16 12:0 a.m., 36 views

Mozilla Seamonkey Multiple Vulnerability Jun-09 (Linux)

The host is installed with Seamonkey, which is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbseamonkeymultvulnjun09lin.nasl 4869 2016-12-29 11:01:45Z teissa $ Mozilla Seamonkey Multiple Vulnerabilities Jun-09 Linux Authors: Antu Sanadi Copyright: Copyright c 2009 Greenbone...

9.3 CVSS, 0.7 AI score, 0.15734 EPSS
Exploits: 7, References: 8
Mozilla
added 2009/06/11 12:0 a.m., 37 views

SSL tampering via non-200 responses to proxy CONNECT requests — Mozilla

Microsoft security researchers Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang reported that when a CONNECT request is sent to a proxy server and a non-200 response is returned, then the body of the response is incorrectly rendered within the context of the request Host: header. An active...

6.8 CVSS, 0.5 AI score, 0.02032 EPSS
Exploits: 1, References: 2, Affected Software: 3