CVE-2025-67735 Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when HttpRequestEncod...
EUVD-2025-203450
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when HttpRequestEncod...
ScamSweeper: Detecting Illegal Accounts in Web3 Scams Via Transactions Analysis
The web3 applications have recently been growing, especially on the Ethereum platform, starting to become the target of scammers. The web3 scams, imitating the services provided by legitimate platforms, mimic regular activity to deceive users. However, previous studies have primarily concentrated...
GHSA-84H7-RJJ3-6JX4 Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
Summary: The io.netty.handler.codec.http.HttpRequestEncoder has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when HttpRequestEncoder is used without proper sanitization of the URI. Details: The HttpRequestEncoder simply UTF-8 encodes the URI without...
BIT-NGINX-GATEWAY-2024-32760 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact...
PT-2025-51671
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw in the multiq3 driver related to configuration options within the multiq3 attach function. Syzbot identified that crafted configuration options,...
@agentic-trust/8004-ext-sdk (>=1.0.0 <=1.0.40), @agentic-trust/agentic-trust-sdk (>=1.0.43 <=1.0.46) +94 more potentially affected by unknown CVE via @ensdomains/address-encoder (>=1.0.0-rc.2 <=1.1.4)
@ensdomains/address-encoder NPM version =1.0.0-rc.2, =1.0.0, =1.0.43, =0.1.0, =0.1.1, =1.0.17, =0.1.0, =0.0.1, =0.0.1, =0.1.0, =0.1.0, =0.4.10, =0.4.11-beta.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-190665...
Malicious code in @ensdomains/address-encoder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec8264ecb2af0b5028f08af1a108f7fe73cd1cbe55ea2cb7102a3e28b2e1052e The package @ensdomains/address-encoder was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198699
Malicious code in @ensdomains/address-encoder npm...
MAL-2025-190665 Malicious code in @ensdomains/address-encoder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec8264ecb2af0b5028f08af1a108f7fe73cd1cbe55ea2cb7102a3e28b2e1052e The package @ensdomains/address-encoder was found to contain malicious code. Source: ghsa-malware...
CVE-2025-63224
The Itel DAB Encoder IDEnc build 25aec8d is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the...
TencentOS Server 4: ffmpeg (TSSA-2025:0714)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0714 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
PT-2025-47471
Name of the Vulnerable Software and Affected Versions: Itel DAB Encoder version 25aec8d. Description: The Itel DAB Encoder IDEnc build 25aec8d has a flaw in how it verifies JSON Web Tokens (JWTs). This allows an attacker who has a valid JWT from one device to use it to gain administrative access to an...
Itel DAB Encoder security vulnerability
Itel DAB Encoder is a device for broadcasting systems from Itel Italia. A security vulnerability exists in Itel DAB Encoder that stems from improper JWT authentication, which could lead to authentication bypass...
CVE-2025-63224
The CVE-2025-63224 entry concerns the Itel DAB Encoder (IDEnc build 25aec8d). The root cause is improper JWT validation across devices, enabling authentication bypass: an attacker with a valid JWT from one device can authenticate as an admin on any other device running the same firmware. This lea...
MGASA-2025-0266 Updated libvpx packages fix security vulnerability
Double-free in libvpx encoder. CVE-2025-5283...
Updated libvpx packages fix security vulnerability
Double-free in libvpx encoder. CVE-2025-5283...