404 matches found

RedhatCVE
added 2025/05/22 6:14 a.m., 6 views

CVE-2019-10240

Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected...

8.1 CVSS | 6.9 AI score | 0.00435 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/21 11:48 p.m., 5 views

CVE-2003-1271

Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows remote attackers to execute arbitrary web script or HTML as other users via a URL containing the script...

4.3 CVSS | 6.6 AI score | 0.01773 EPSS
Exploits: 1 | References: 1
F5 Networks
added 2025/05/07 12:49 p.m., 14 views

K000139571: BIG-IP HTTP vulnerability CVE-2025-36557

Security Advisory Description: When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2025-36557) Impact: Traffic is disrupted while the TMM process restarts. This...

8.7 CVSS | 6.8 AI score | 0.00352 EPSS
Exploits: 0 | Affected Software: 14
Tenable Nessus
added 2025/05/07 12:0 a.m., 12 views

F5 Networks BIG-IP : BIG-IP HTTP vulnerability (K000139571)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.5 / 17.1.2. It is, therefore, affected by a vulnerability as referenced in the K000139571 advisory. When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests c...

8.7 CVSS | 5.6 AI score | 0.00352 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2025/04/17 10:4 p.m., 10 views

CVE-2025-30726

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: Core. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object...

5.3 CVSS | 5.7 AI score | 0.00263 EPSS
Exploits: 0 | References: 1
IBM Security Bulletins
added 2025/04/14 10:52 a.m., 26 views

Security Bulletin: IBM Asset Data Dictionary uses jetty-http-9.4.48.v20220622.jar which is vulnerable to CVE-2024-6763.

Summary IBM Asset Data Dictionary uses jetty-http-9.4.48.v20220622.jar which is vulnerable to CVE-2024-6763. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable,...

5.3 CVSS | 6.6 AI score | 0.00986 EPSS
Exploits: 1 | Affected Software: 1
Cvelist
added 2025/04/08 7:13 a.m., 13 views

CVE-2025-26654 Potential information disclosure vulnerability in SAP Commerce Cloud (Public Cloud)

SAP Commerce Cloud Public Cloud does not allow to disable unencrypted HTTP port 80 entirely, but instead allows a redirect from port 80 to 443 HTTPS. As a result, Commerce normally communicates securely over HTTPS. However, the confidentiality and integrity of data sent on the first request befor...

6.8 CVSS | 0.00145 EPSS
Exploits: 0 | References: 2
Cvelist
added 2025/03/27 2:46 p.m., 13 views

CVE-2025-30221 Pitchfork HTTP Request/Response Splitting vulnerability

Pitchfork is a preforking HTTP server for Rack applications. Versions prior to 0.11.0 are vulnerable to HTTP Response Header Injection when used in conjunction with Rack 3. The issue was fixed in Pitchfork release 0.11.0. No known workarounds are available...

4.3 CVSS | 0.0025 EPSS
Exploits: 0 | References: 2
BDU FSTEC
added 2025/03/24 12:0 a.m., 2 views

The vulnerability of the HTTP protocol implementation in Bitdefender BOX 1 devices allows a perpetrator to carry out a “man-in-the-middle” type attack.

The vulnerability of the HTTP protocol implementation in Bitdefender BOX 1 devices for device protection involves the transmission of credentials in an unencrypted form. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” type attack...

9.6 CVSS | 8.2 AI score | 0.00227 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2025/03/07 5:15 p.m., 1 view

CVE-2023-35894

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

6.1 CVSS | 5.7 AI score
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/06 1:12 a.m., 7 views

CVE-2022-21390

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications component: Webservices Manager. Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network...

10 CVSS | 7.5 AI score | 0.0237 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/06 12:58 a.m., 12 views

CVE-2022-21614

Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware component: Dashboard. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

7.5 CVSS | 6.6 AI score | 0.00771 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 3:57 p.m., 13 views

CVE-2020-14815

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Analytics Actions. Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

8.2 CVSS | 7.2 AI score | 0.08221 EPSS
Exploits: 0
RedhatCVE
added 2025/02/05 3:56 p.m., 14 views

CVE-2020-14639

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Sample apps. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

7.5 CVSS | 6.6 AI score | 0.02249 EPSS
Exploits: 0
RedhatCVE
added 2025/02/05 3:54 p.m., 9 views

CVE-2020-14750

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP...

9.8 CVSS | 7.8 AI score | 0.9927 EPSS
Exploits: 9
RedhatCVE
added 2025/02/05 2:31 p.m., 9 views

CVE-2020-2818

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Administration. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

8.2 CVSS | 7.2 AI score | 0.01282 EPSS
Exploits: 0
RedhatCVE
added 2025/02/05 2:21 p.m., 12 views

CVE-2020-2871

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

8.2 CVSS | 7.2 AI score | 0.66186 EPSS
Exploits: 1 | References: 3
RedhatCVE
added 2025/02/05 7:52 a.m., 5 views

CVE-2024-41671

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1...

8.3 CVSS | 6.3 AI score | 0.00856 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/04 10:28 p.m., 5 views

CVE-2024-8884

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause exposure of credentials when attacker has access to application on network over http...

9.8 CVSS | 6.8 AI score | 0.00587 EPSS
Exploits: 0 | References: 1
RedHat Linux
added 2025/01/30 2:58 p.m., 18 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

8.5 CVSS | 7.2 AI score | 0.0104 EPSS
Exploits: 0 | References: 2