2469 matches found
EUVD-2025-19427
Malicious code in bioql PyPI...
EUVD-2024-2325
Malicious code in bioql PyPI...
EUVD-2022-6216
Malicious code in bioql PyPI...
RLSA-2025:10873 Important: java-21-openjdk security update
The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: JDK: Better Glyph drawing (CVE-2025-30749); JDK: Enhance TLS protocol support (CVE-2025-30754); JDK: Improve HTTP client header handling (CVE-2025-50059); JDK: Better...
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure via the /meta/proxy endpoint. An attacker can obtain sensitive information by sending requests that cause identifiable data, such as email addresses, to be forwarded to external services through specific HTTP header...
CVE-2025-8411
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology E-Commerce Web Design Product allows XSS Through HTTP Headers. This issue affects E-Commerce Web Design Product: before 11.08.2025...
php: Stream HTTP wrapper header check might omit basic auth header
A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...
OESA-2025-2175 python-pip security update
pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. Name: python-pip Version: 23.3.1 Release: 3 Summary: A...
CLSA-2025-1757016160 Fix CVE(s): CVE-2025-1217, CVE-2025-1734, CVE-2025-1736, CVE-2025-1861
SECURITY UPDATE: misinterpretation of HTTP response headers - debian/patches/CVE-2025-1217.patch: adds HTTP header folding support for HTTP wrapper response headers in ext/standard/http_fopen_wrapper.c - CVE-2025-1217 SECURITY UPDATE: insufficient HTTP header validation -...
Linux Distros Unpatched Vulnerability : CVE-2015-5741
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request...
Malicious code in camelize-http-headers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a51a98ebb3bf39ce4592df2daa07de423db9f54f9b5c31e5a0b42f2371cd6024 The OpenSSF Package Analysis project identified 'camelize-http-headers' @ 1.1.1 npm as malicious. It is considered malicious because: - The...
MAL-2025-42135 Malicious code in camelize-http-headers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a51a98ebb3bf39ce4592df2daa07de423db9f54f9b5c31e5a0b42f2371cd6024 The OpenSSF Package Analysis project identified 'camelize-http-headers' @ 1.1.1 npm as malicious. It is considered malicious because: - The...
Linux Distros Unpatched Vulnerability : CVE-2021-22132
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store t...
Linux Distros Unpatched Vulnerability : CVE-2023-47641
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the...
Linux Distros Unpatched Vulnerability : CVE-2022-41915
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling...
CLSA-2025-1756322698 php: Fix of CVE-2025-1736
CVE-2025-1736: fix incorrect validation of CRLF in http headers...
CVE-2025-44957
Ruckus SmartZone SZ before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers...