CVE-2025-55183

An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically...

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the soupmessageheadersgetonecommon is used to construct the request URI. An attacker can bypass host-based access controls or poison caches by sending requests with multiple Host headers, exploiting the...

CVE-2025-34397

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Message parameter of /Mobile/Compose.aspx. The Message value is not properly sanitized when processed via a GET request and is reflected into a JavaScript context in the response. By supplying a...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : Netty vulnerabilities (USN-7918-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7918-1 advisory. Jeppe Bonde Weikop discovered that Netty incorrectly parsed HTTP messages. When Netty is...

PT-2025-50523

Name of the Vulnerable Software and Affected Versions UBICOD Medivision Digital Signage version 1.5.1 Description A flaw exists in UBICOD Medivision Digital Signage that allows normal users to gain elevated privileges. This is achieved by manipulating the ftgrp parameter. Specifically, sending a...

EUVD-2021-34735

OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obixtest.php with malicious 'id' values to extract database information...

USN-7918-1 netty vulnerabilities

Jeppe Bonde Weikop discovered that Netty incorrectly parsed HTTP messages. When Netty is used with certain reverse proxies, a remote attacker could possibly use this issue to perform HTTP request smuggling attacks. CVE-2025-58056 Jonas Konrad discovered that Netty did not properly manage memory...

CVE-2025-64153

CVE-2025-64153 is an OS command injection in Fortinet FortiExtender. A authenticated attacker can execute arbitrary commands via a crafted HTTP request due to improper input neutralization in FortiExtender versions 7.0, 7.2, 7.4.0–7.4.7, and 7.6.0–7.6.3. Public reports (Red Hat, CIRCL, CVE lists,...

Security Bulletin: IBM Documentation Offline is vulnerable to `Node.js ReadFileUtf8 and HTTP Parser flaws` due to Node.js (CVE-2025-23165, CVE-2025-23167)

Summary IBM Documentation Offline utilizes Node.js as a third-party component, which contains two vulnerabilities that could potentially affect your product's stability and security. CVE-2025-23165 CVSS: 3.7 is a Denial of Service DoS vulnerability in the ReadFileUtf8 internal binding. Repeated u...

Fortinet FortiSandbox 跨站脚本漏洞

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection appliance from US-based Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. A cross-site scripting vulnerability exists in Fortinet FortiSandbox...

Exploit for CVE-2025-66478

Check for CVE-2025-66478 Checks if your NextJS server is vulne...

SUSE SLED15 / SLES15 Security Update : ruby2.5 (SUSE-SU-2025:4264-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4264-1 advisory. - CVE-2024-35221: Fixed remote DoS via YAML manifest bsc1225905 - CVE-2024-47220: Fixed HTTP request smuggling...

PT-2025-48787

Name of the Vulnerable Software and Affected Versions Akamai affected versions not specified Description A flaw exists in Akamai that allows for HTTP request smuggling due to an invalid chunked body size. This issue, identified as a discrepancy between the chunk size and chunk data, enabled...

RHEL 8 / 9 : OpenShift Container Platform 4.14.59 (RHSA-2025:21328)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21328 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

TencentOS Server 4: libsoup (TSSA-2025:0247)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0247 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVE-2021-4465 ReQuest Serious Play F3 Media Server <= 7.0.3 Remote DoS

ReQuest Serious Play F3 Media Server versions 7.0.3.4968 Pro, 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 contain a remote denial-of-service vulnerability. The device can be shut down or rebooted by an unauthenticated attacker through a single crafted HTTP GET request, allowing...

CLSA-2025-1763124681 Fix CVE(s): CVE-2025-62168

SECURITY UPDATE: information disclosure vulnerability in error handling - debian/patches/CVE-2025-62168.patch: Fix HttpRequest::pack function to handle sensitive data by including a parameter for masking sensitive information - CVE-2025-62168...

CVE-2025-64709

Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery SSRF vulnerability in the Typebot webhook block HTTP Request component functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...

CVE-2025-20341

The CVE-2025-20341 case involves Cisco Catalyst Center Virtual Appliance. Description and multiple connected sources confirm an Access Control / input-validation flaw that allows an authenticated, remote attacker with at least Observer privileges to escalate to Administrator by sending a crafted ...

PT-2025-46852

Name of the Vulnerable Software and Affected Versions Cisco Catalyst Center Virtual Appliance affected versions not specified Description A flaw exists in Cisco Catalyst Center Virtual Appliance that could allow a remote attacker with valid credentials for a user account with at least the role of...