Lucene search

266 matches found

EUVD · added 2025/10/03 8:07 p.m.

EUVD-2025-17428

Malicious code in bioql PyPI...

CVSS 5.7 · AI score 5.9 · EPSS 0.00187
Exploits 0 · References 3

EUVD · added 2025/10/03 8:07 p.m.

EUVD-2022-4825

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 5.1 · EPSS 0.00615
Exploits 0 · References 3

Positive Technologies · added 2025/07/16 12:00 a.m.

PT-2025-29820 · Digisol · Digisol DG-GR6821AC Router

Vulnerable software and affected versions: Digisol DG-GR6821AC Router (affected versions not specified).
Description: The Digisol DG-GR6821AC Router is susceptible to a misconfiguration regarding the Secure and HttpOnly flags on session cookies associated with the router web interface. A...

CVSS 8.7 · AI score 6 · EPSS 0.00273
Exploits 0 · References 4

Vulnrichment · added 2025/07/03 11:26 a.m.

CVE-2025-27450

The Secure attribute is missing on multiple cookies provided by the MEAC300-FNADE4. An attacker can trick a user to establish an unencrypted HTTP connection to the server and intercept the request containing the PHPSESSID cookie...

CVSS 6.5 · AI score 7.1 · EPSS 0.00247
Exploits 0 · References 6

Cvelist · added 2025/07/03 11:26 a.m.

CVE-2025-27450

The Secure attribute is missing on multiple cookies provided by the MEAC300-FNADE4. An attacker can trick a user to establish an unencrypted HTTP connection to the server and intercept the request containing the PHPSESSID cookie...

CVSS 6.5 · EPSS 0.00247
Exploits 0 · References 6

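The two cookie entries above (the Digisol router and the MEAC300-FNADE4) describe the same weakness: a session cookie issued without the Secure (and, for the router, HttpOnly) attribute, so a browser will send it over plaintext HTTP to anyone who can force such a connection. The following is an added example, not code from any product or source listed on this page: a small Set-Cookie auditor of the kind a scanner runs over a response, with a constructed weak response beside a hardened one. The cookie names, the `SESSION_NAMES` list and the sample headers are assumptions for illustration.

```python
"""Audit Set-Cookie headers for missing Secure / HttpOnly / SameSite attributes.

Added example (not vendor code). Parses each Set-Cookie header of a response
and reports cookies that a browser would send over plaintext HTTP or expose to
script. All sample headers below are constructed for illustration.
"""
from typing import Dict, List, Set, Tuple

# Names that usually carry a session identifier. Assumption used only to add
# the "sent over plaintext" finding for the cookies that matter most.
SESSION_NAMES: Set[str] = {"phpsessid", "jsessionid", "sessionid", "session", "sid"}


def parse_set_cookie(header: str) -> Tuple[str, Dict[str, str]]:
    """Split one Set-Cookie header into (cookie name, lower-cased attribute map)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip()  # attribute names are case-insensitive
    return name.strip(), attrs


def audit_set_cookie(headers: List[str], served_over_tls: bool = True) -> List[str]:
    """Return one finding string per weakness, e.g. 'PHPSESSID: missing Secure'."""
    findings: List[str] = []
    for h in headers:
        name, attrs = parse_set_cookie(h)
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure")
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly")
        if "samesite" not in attrs:
            findings.append(f"{name}: missing SameSite")
        elif attrs["samesite"].lower() == "none" and "secure" not in attrs:
            # Browsers reject SameSite=None without Secure; flag it explicitly.
            findings.append(f"{name}: SameSite=None requires Secure")
        if name.lower() in SESSION_NAMES and not served_over_tls:
            findings.append(f"{name}: session cookie set over plaintext HTTP")
    return findings


# Constructed sample: a response of the weak kind the advisories describe,
# beside a hardened version of the same two cookies.
WEAK_HEADERS = [
    "PHPSESSID=abc123; Path=/",
    "lang=en; Path=/",
]
HARDENED_HEADERS = [
    "PHPSESSID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "lang=en; Path=/; Secure; HttpOnly; SameSite=Lax",
]

if __name__ == "__main__":
    for finding in audit_set_cookie(WEAK_HEADERS):
        print("WEAK:", finding)
    print("hardened findings:", audit_set_cookie(HARDENED_HEADERS))
```

Run it against the `Set-Cookie` headers captured from a real response (for instance with `curl -sI`), and pass `served_over_tls=False` when the request that produced them was plain HTTP.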
Github Security Blog · added 2025/06/20 6:07 p.m.

Pingora has a Request Smuggling Vulnerability

A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in...

CVSS 7.4 · AI score 6.3 · EPSS 0.00404
Exploits 0 · References 6 · Affected software 1

NVD · added 2025/06/09 6:15 a.m.

CVE-2025-25209

The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secrets, however it assumes those secrets are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor with a developer persona access to leak tho...

CVSS 5.7 · EPSS 0.00187
Exploits 0 · References 2

CVE · added 2025/06/09 6:13 a.m.

CVE-2025-25209

CVE-2025-25209 affects Red Hat Connectivity Link. The issue arises in the AuthPolicy metadata, where an object storing secrets assumes they already exist in the kuadrant-system instead of copying them to the referred namespace, enabling an attacker with developer persona access to leak secrets via...

CVSS 5.7 · AI score 5.5 · EPSS 0.00187
Exploits 0 · References 2

Vulnrichment · added 2025/06/09 6:13 a.m.

CVE-2025-25209 · Rhcl: sharedsecretref can be used to leak secrets

The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secrets, however it assumes those secrets are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor with a developer persona access to leak tho...

CVSS 5.7 · AI score 5.8 · EPSS 0.00187
Exploits 0 · References 2

Cvelist · added 2025/06/09 6:13 a.m.

CVE-2025-25209 · Rhcl: sharedsecretref can be used to leak secrets

The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secrets, however it assumes those secrets are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor with a developer persona access to leak tho...

CVSS 5.7 · EPSS 0.00187
Exploits 0 · References 2

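The four CVE-2025-25209 entries above all come down to one namespace-scoping mistake: a secret reference written by a tenant is resolved in the operator's own namespace (kuadrant-system) rather than in the namespace the referring policy lives in, so a tenant can name, and have the controller use, a secret that belongs to the operator. The block below is an added example, not Kuadrant or Connectivity Link code; it models that failure mode against an in-memory store, with a vulnerable resolver next to one that only resolves within the referring namespace (one possible fix, assumed here; the project's actual fix is not described on this page). Namespaces, secret names and contents are constructed.

```python
"""Cross-namespace secret reference: vulnerable and namespace-scoped resolvers.

Added example, not Kuadrant / Connectivity Link code. Models the advisory's
failure mode with a dictionary standing in for the cluster's secret store.
All namespaces, names and values are constructed for illustration.
"""
from typing import Callable, Dict, Optional, Tuple

SYSTEM_NS = "kuadrant-system"  # operator namespace, as named in the advisory

# Constructed cluster state: secrets keyed by (namespace, name).
STORE: Dict[Tuple[str, str], bytes] = {
    (SYSTEM_NS, "upstream-api-key"): b"operator-only-credential",
    ("team-a", "team-a-key"): b"team-a-credential",
}


class Forbidden(Exception):
    """Raised when a policy references a secret outside its own namespace."""


def resolve_vulnerable(policy_ns: str, ref_name: str) -> Optional[bytes]:
    """Bug: ignores the referring policy's namespace and reads from the system namespace."""
    return STORE.get((SYSTEM_NS, ref_name))


def resolve_fixed(policy_ns: str, ref_name: str, ref_ns: Optional[str] = None) -> bytes:
    """Resolve only within the referring policy's namespace (assumed fix).

    An explicit ref_ns is honoured only when it equals policy_ns, so a tenant
    cannot name a secret that lives in someone else's namespace.
    """
    target_ns = ref_ns or policy_ns
    if target_ns != policy_ns:
        raise Forbidden(f"policy in {policy_ns} may not reference secrets in {target_ns}")
    secret = STORE.get((target_ns, ref_name))
    if secret is None:
        raise KeyError(f"secret {target_ns}/{ref_name} not found")
    return secret


def tenant_can_leak(resolver: Callable[..., Optional[bytes]]) -> bool:
    """A developer in team-a references the operator's secret by name.

    Returns True when the resolver hands back the operator credential, which
    the policy would then present to whatever upstream the developer configures.
    """
    try:
        value = resolver("team-a", "upstream-api-key")
    except (Forbidden, KeyError):
        return False
    return value == STORE[(SYSTEM_NS, "upstream-api-key")]


def cross_namespace_ref_denied() -> bool:
    """True when an explicit reference into kuadrant-system is refused by the fixed resolver."""
    try:
        resolve_fixed("team-a", "upstream-api-key", ref_ns=SYSTEM_NS)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable resolver leaks operator secret:", tenant_can_leak(resolve_vulnerable))
    print("fixed resolver leaks operator secret:", tenant_can_leak(resolve_fixed))
    print("own-namespace lookup still works:", resolve_fixed("team-a", "team-a-key"))
```

The same check generalises to any controller that dereferences a `*Ref` field from a tenant-writable object: the lookup namespace must be derived from the referring object, never from the controller's own.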
OSV · added 2025/05/28 12:15 p.m.

CVE-2025-3864

Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library. A fix for this issue has been included in the 1.24.0 release...

CVSS 2.3 · AI score 5.8 · EPSS 0.00727
Exploits 0 · References 3

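The hackney entry above is a resource-leak denial of service: a connection checked out for a request that answers 307 is never returned to the pool, so a server the application talks to (or an attacker in a position to answer its requests) can drain the pool with a few redirecting responses. The following is an added example in Python, not hackney's Erlang code; it simulates a fixed-size pool and a client that follows 307, in a leaky and a corrected form. The pool size, routes and responses are constructed.

```python
"""Connection-pool exhaustion through unreleased connections on 307 redirects.

Added example, not hackney code. Simulates a bounded pool and a redirect-
following client: the leaky client never checks the first hop's connection
back in, so repeated redirects exhaust the pool. Routes are constructed.
"""
from typing import Callable, Dict, List, Set, Tuple


class PoolExhausted(Exception):
    """No free connection is available."""


class ConnPool:
    def __init__(self, size: int) -> None:
        self.free: List[int] = list(range(size))
        self.in_use: Set[int] = set()

    def checkout(self) -> int:
        if not self.free:
            raise PoolExhausted("no free connections")
        conn = self.free.pop()
        self.in_use.add(conn)
        return conn

    def checkin(self, conn: int) -> None:
        self.in_use.discard(conn)
        self.free.append(conn)


# Constructed routing table: (status, Location) per path. "/old" redirects.
ROUTES: Dict[str, Tuple[int, str]] = {
    "/old": (307, "/new"),
    "/new": (200, ""),
}


def send(conn: int, path: str) -> Tuple[int, str]:
    """Stand-in for the network round trip; returns the constructed response."""
    return ROUTES[path]


def get_leaky(pool: ConnPool, path: str) -> int:
    """Follows a 307 but leaks the connection used for the redirecting hop."""
    conn = pool.checkout()
    status, location = send(conn, path)
    if status == 307:
        # Bug: `conn` is neither reused nor checked back in before the next hop.
        conn2 = pool.checkout()
        status, _ = send(conn2, location)
        pool.checkin(conn2)
        return status
    pool.checkin(conn)
    return status


def get_fixed(pool: ConnPool, path: str, max_hops: int = 5) -> int:
    """Checks every connection back in, whatever status came back, and bounds hops."""
    for _ in range(max_hops):
        conn = pool.checkout()
        try:
            status, location = send(conn, path)
        finally:
            pool.checkin(conn)
        if status == 307:
            path = location
            continue
        return status
    raise RuntimeError("too many redirects")


def requests_until_exhausted(client: Callable[[ConnPool, str], int],
                             pool_size: int, path: str, attempts: int) -> int:
    """How many requests succeed before the pool runs dry (== attempts if it never does)."""
    pool = ConnPool(pool_size)
    for i in range(attempts):
        try:
            client(pool, path)
        except PoolExhausted:
            return i
    return attempts


if __name__ == "__main__":
    print("leaky client, pool of 4, redirecting path:",
          requests_until_exhausted(get_leaky, 4, "/old", 10), "requests before exhaustion")
    print("fixed client, pool of 4, redirecting path:",
          requests_until_exhausted(get_fixed, 4, "/old", 10), "requests, no exhaustion")
```

With a pool of four, the leaky client serves three redirecting requests and fails on the fourth; the fixed client keeps going because `checkin` sits in a `finally` and so runs on every status, including 307.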
RedhatCVE · added 2025/05/22 4:52 p.m.

CVE-2020-8809

Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attack...

CVSS 8.1 · AI score 7.4 · EPSS 0.02107
Exploits 2 · References 1

NVD · added 2025/05/22 4:15 p.m.

CVE-2025-4366

A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in: ...

CVSS 7.4 · EPSS 0.00404
Exploits 0 · References 1

Cvelist · added 2025/05/22 3:50 p.m.

CVE-2025-4366 · Request Smuggling Vulnerability in Pingora

A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in: ...

CVSS 7.4 · EPSS 0.00404
Exploits 0 · References 1

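The three Pingora entries on this page (the GitHub Security Blog post and the two CVE-2025-4366 records) say only that request bodies on cache HITs can be turned into injected requests. The block below is an added example, not Pingora code, and it assumes one concrete way that class of bug arises: a proxy that answers a cache hit without draining the request body leaves the body bytes in the connection buffer, and the next parse on that connection reads them as a new request. Whether that is exactly the Pingora defect is not stated on the page; the model, the cache contents and the wire bytes are constructed for illustration.

```python
"""Request smuggling when a proxy leaves a cache-hit request body unread.

Added example, not Pingora code. A minimal pipelined request loop over one
connection buffer: on a cache HIT the vulnerable variant returns without
consuming Content-Length bytes, so the body is parsed as the next request.
Cache contents, paths and attacker bytes are constructed.
"""
from typing import Dict, List, Tuple

# Constructed cache: one cacheable object the attacker can request freely.
CACHE: Dict[str, bytes] = {"/static/logo.png": b"\x89PNG..."}


def parse_head(buf: bytes, pos: int) -> Tuple[str, str, Dict[str, str], int]:
    """Parse request line and headers at pos; return (method, path, headers, body_start)."""
    end = buf.index(b"\r\n\r\n", pos)
    lines = buf[pos:end].decode("ascii").split("\r\n")
    method, path, _version = lines[0].split(" ")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        k, _, v = line.partition(":")
        headers[k.strip().lower()] = v.strip()
    return method, path, headers, end + 4


def proxy_loop(buf: bytes, drain_body_on_hit: bool) -> List[str]:
    """Process every request in buf; return what the proxy did, in order."""
    executed: List[str] = []
    pos = 0
    while pos < len(buf):
        method, path, headers, body_start = parse_head(buf, pos)
        length = int(headers.get("content-length", "0"))
        if path in CACHE:
            executed.append(f"HIT {method} {path}")
            if drain_body_on_hit:
                pos = body_start + length        # fixed: skip the body
            else:
                pos = body_start                 # bug: body left in the buffer
        else:
            executed.append(f"UPSTREAM {method} {path}")
            pos = body_start + length            # upstream path reads the body
    return executed


# Constructed attacker bytes: a request for the cached object whose body is a
# complete request for a path the attacker is not meant to reach. On the
# vulnerable proxy that inner request is executed as if the client sent it.
SMUGGLED = b"GET /admin/users HTTP/1.1\r\nHost: victim\r\n\r\n"
ATTACK = (
    b"POST /static/logo.png HTTP/1.1\r\nHost: victim\r\n"
    + b"Content-Length: " + str(len(SMUGGLED)).encode() + b"\r\n\r\n"
    + SMUGGLED
)

# Constructed benign pipeline: two ordinary requests, no body.
NORMAL = (
    b"GET /static/logo.png HTTP/1.1\r\nHost: victim\r\n\r\n"
    b"GET /api/status HTTP/1.1\r\nHost: victim\r\n\r\n"
)

if __name__ == "__main__":
    print("vulnerable:", proxy_loop(ATTACK, drain_body_on_hit=False))
    print("fixed:     ", proxy_loop(ATTACK, drain_body_on_hit=True))
```

The point of the model is the invariant, not the parser: every byte a request declares as its body must be consumed (or the connection closed) on every code path, including the fast path that never contacts an upstream, because whatever is left in the buffer is the next request.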
RedhatCVE · added 2025/05/22 10:25 a.m.

CVE-2019-10389

A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server...

CVSS 4.3 · AI score 6.7 · EPSS 0.00615
Exploits 0 · References 1

RedhatCVE · added 2025/05/22 8:27 a.m.

CVE-2019-10101

JetBrains Kotlin versions before 1.3.30 resolved artifacts over an HTTP connection during the build process, potentially allowing an MITM attack...

CVSS 8.1 · AI score 6.8 · EPSS 0.0162
Exploits 2 · References 1

RedhatCVE · added 2025/05/22 8:10 a.m.

CVE-2019-10102

JetBrains Ktor framework projects created from the Kotlin IDE template in versions before 1.1.0 resolved artifacts over an HTTP connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30...

CVSS 8.1 · AI score 6.8 · EPSS 0.00911
Exploits 1 · References 1

RedhatCVE · added 2025/05/22 4:13 a.m.

CVE-2019-10388

A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server...

CVSS 4.3 · AI score 6.7 · EPSS 0.00636
Exploits 0 · References 1

OSV · added 2025/04/04 9:15 p.m.

CVE-2025-3268

A vulnerability has been found in qinguoyi TinyWebServer up to 1.0 and classified as critical. This vulnerability affects unknown code of the file http/httpconn.cpp. The manipulation of the argument murlreal leads to improper authentication. The attack can be initiated remotely. The exploit has...

CVSS 9.8 · AI score 5.5 · EPSS 0.0066
Exploits 0 · References 4

OSV · added 2025/04/04 8:15 p.m.

CVE-2025-3267

A vulnerability, which was classified as critical, was found in qinguoyi TinyWebServer up to 1.0. This affects an unknown part of the file /http/httpconn.cpp. The manipulation of the argument name/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...

CVSS 8.8 · AI score 6.4 · EPSS 0.00405
Exploits 1 · References 4

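The CVE-2025-3267 entry above names the bug class (SQL injection through the `name`/`password` login arguments) without showing code. The following is an added example, not TinyWebServer code (which is C++): the same login lookup written in Python against an in-memory SQLite table, once with the query built by string formatting and once parameterised, so the bypass and the fix can be run side by side. The table, the user and the credentials are constructed.

```python
"""Login lookup vulnerable to SQL injection via name/password, beside the fix.

Added example, not TinyWebServer code. Uses an in-memory SQLite database;
the user row is constructed. Passwords are stored in clear only to keep the
example short; real code stores a salted hash and compares in code.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (username TEXT PRIMARY KEY, passwd TEXT NOT NULL)")
    db.execute("INSERT INTO user VALUES ('alice', 'correct horse battery staple')")
    return db


def login_vulnerable(db: sqlite3.Connection, name: str, password: str) -> bool:
    """String-built query: attacker-controlled name/password become SQL syntax."""
    sql = f"SELECT 1 FROM user WHERE username='{name}' AND passwd='{password}'"
    return db.execute(sql).fetchone() is not None


def login_fixed(db: sqlite3.Connection, name: str, password: str) -> bool:
    """Parameterised query: values travel separately from the SQL text."""
    row = db.execute(
        "SELECT 1 FROM user WHERE username=? AND passwd=?", (name, password)
    ).fetchone()
    return row is not None


# Constructed attacker inputs. The first turns the WHERE clause into
# (username='alice' AND passwd='x') OR '1'='1'; the second comments out the
# password check entirely.
TAUTOLOGY = "x' OR '1'='1"
COMMENT_OUT = "alice'--"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, tautology password:", login_vulnerable(db, "alice", TAUTOLOGY))
    print("vulnerable, commented-out name:", login_vulnerable(db, COMMENT_OUT, "anything"))
    print("fixed, tautology password:     ", login_fixed(db, "alice", TAUTOLOGY))
    print("fixed, real password:          ", login_fixed(db, "alice", "correct horse battery staple"))
```

Parameter binding is the fix; escaping quotes by hand is not, because the driver's own quoting rules and the database's comment and encoding handling are what the attacker is probing.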