CVE-2023-49564 Authentication Bypass
The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without providing any valid...
PT-2025-38296
Name of the Vulnerable Software and Affected Versions CBIS/NCS Manager affected versions not specified Description The CBIS/NCS Manager API is susceptible to an authentication bypass. An unauthenticated user can gain unauthorized access to API functions by sending a specially crafted HTTP header...
OESA-2025-2279 libsoup3 security update
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. Security Fixes: A denial-of-service vulnerability has been identified in the libso...
Cisco Secure Adaptive Security Appliance Remote Access VPN Web Server DoS (cisco-sa-asaftd-vpnwebs-dos-hjBhmBsX)
According to its self-reported version, Cisco Adaptive Security Appliance (ASA) Software is affected by a vulnerability. - A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software...
Cisco Secure Firewall Threat Defense Remote Access VPN Web Server DoS (cisco-sa-asaftd-vpnwebs-dos-hjBhmBsX)
According to its self-reported version, Cisco Firepower Threat Defense Software is affected by a vulnerability. - A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could all...
PT-2025-34103
SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer overflow when processing HTTP responses containing an overly long Content-Type header. The vulnerability occurs due to improper bounds checking on the header value, allowing an attacker to overwrite the Structured Exception...
Linux Distros Unpatched Vulnerability : CVE-2021-39293
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header falsely designating that many files are present can cause a NewReader or...
EulerOS 2.0 SP11 : libsoup (EulerOS-SA-2025-1934)
According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw was found in libsoup. The libsoup appendparamquoted function may contain an overflow bug resulting in a buffer under-read. CVE-2025-32050 A...
CVE-2025-41653
An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive...
AZL-61902 CVE-2025-4476 affecting package libsoup for versions less than 3.0.4-7
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 Unauthorized HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed...
AZL-61910 CVE-2025-4476 affecting package libsoup for versions less than 3.4.4-7
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 Unauthorized HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed...
golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing
A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an...
CVE-2024-54809
Netgear Inc WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the parsestheader function due to use of a request header parameter in a strncpy where size is determined based on the input specified. By sending a specially crafted packet, an attacker can take contr...
Regular Expression Denial Of Service (ReDoS)
@octokit/request-error is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing in the handling of HTTP request headers. Specifically, the regex used to process authorization headers fails to handle excessive whitespace...
CVE-2011-4082
A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request...
CVE-2023-49952
Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header...
Mastodon security vulnerability
Mastodon is an open source social networking server based on ActivityPub by Mastodon Open Source. A security vulnerability exists in Mastodon versions 4.1.x prior to 4.1.17 and 4.2.x prior to 4.2.9, which stems from a vulnerability that allows rate limiting to be bypassed via a crafted HTTP reque...
edk2: Infinite loop when parsing unknown options in the Destination Options header
A security loophole involving an infinite loop was identified in EDK2, the open-source reference implementation of the UEFI specification. This weakness enables an unauthorized attacker to exploit system availability by sending a specifically crafted Destination Options IPv6 header...