86 matches found
EUVD-2025-29113
Malicious code in bioql PyPI...
EUVD-2024-50626
Malicious code in bioql PyPI...
EUVD-2025-19325
Malicious code in bioql PyPI...
EUVD-2022-43275
Malicious code in bioql PyPI...
CVE-2025-10392
The CVE-2025-10392 entry concerns Mercury KM08-708H GiGA WiFi Wave2 1.1.14. Affects the HTTP Header Handler component, where manipulating the Host argument causes a stack-based buffer overflow. The vulnerability is exploitable remotely, with exploit code publicly available. Documents indicate a C...
CVE-2025-8129
A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. It is possible to launch the attack...
GHSA-MVW6-62QV-VMQF Duplicate Advisory: Koa Open Redirect via Referrer Header (User-Controlled)
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jgmv-j7ww-jx2x. This link is maintained to preserve external references. Original Description A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function ba...
CVE-2025-8129
A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. It is possible to launch the attack...
CVE-2025-8129 KoaJS Koa HTTP Header response.js back redirect
A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. It is possible to launch the attack...
PT-2025-30726
Name of the Vulnerable Software and Affected Versions Koa versions up to 3.0.0 Description A problematic issue exists in KoaJS Koa. The back function within the HTTP Header Handler component, located in lib/response.js, is susceptible to open redirect attacks through manipulation of the Referrer...
CVE-2025-6762
A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...
CVE-2025-6762
A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...
CVE-2025-6762 diyhi bbs HTTP Header login getUrl server-side request forgery
A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...
CVE-2025-6762 diyhi bbs HTTP Header login getUrl server-side request forgery
A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...
PT-2025-27142 · Diyhi Bbs · Diyhi Bbs
Name of the Vulnerable Software and Affected Versions: diyhi bbs versions up to 6.8 Description: A critical issue has been discovered that affects the getUrl function of the /admin/login file in the HTTP Header Handler component. The manipulation of the Host argument leads to server-side request...
PT-2025-26727
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Firefox ESR versions prior to 128.12 Description: The issue arises when a file download is specified via the Content-Disposition header, but this directive is ignored if the file is included via an or tag. This...
CVE-2025-5146
A vulnerability has been found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2 and NBR200V2 up to 20250508 and classified as critical. This vulnerability affects the function passwdset of the file /usr/bin/routerd of the component HTTP Header Handler. The manipulation of the...
CVE-2025-5146 Netcore NBR200V2 HTTP Header routerd passwd_set command injection
A vulnerability has been found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2 and NBR200V2 up to 20250508 and classified as critical. This vulnerability affects the function passwdset of the file /usr/bin/routerd of the component HTTP Header Handler. The manipulation of the...
CVE-2025-5146
CVE-2025-5146 affects Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2 and NBR200V2 (up to 20250508). The vulnerability resides in the passwd_set function of /usr/bin/routerd within the HTTP Header Handler, where manipulation of the pwd argument enables remote command injection. The e...
CVE-2025-5146 Netcore NBR200V2 HTTP Header routerd passwd_set command injection
A vulnerability has been found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2 and NBR200V2 up to 20250508 and classified as critical. This vulnerability affects the function passwdset of the file /usr/bin/routerd of the component HTTP Header Handler. The manipulation of the...