2469 matches found
CVE-2025-44957
CVE-2025-44957 affects Ruckus SmartZone (SZ) prior to 6.1.2p3 Refresh Build. The issue enables authentication bypass using a valid API key and crafted HTTP headers, potentially granting administrator access. Connected PT security notes corroborate the affected software and specify that the workar...
ROS-20250804-21
A vulnerability in the cURL command line utility interface is related to the allocation of unlimited memory when processing HTTP headers. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...
CVE-2025-44957
Ruckus SmartZone SZ before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers...
ROS-20250804-01
A vulnerability in the cURL command line utility interface is related to the allocation of unlimited memory when processing HTTP headers. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...
CVE-2025-41376
CRLF Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via '/index.php/survey/index/sid//token/fwyfw%0d%0aCookie:%20POC'...
CVE-2025-50578
LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP headers, specifically X-Forwarded-Host and Referer. An unauthenticated remote attacker can manipulate these headers to perform Host Header Injection and Open Redirect attacks. This allows the loading...
PT-2025-31395
Name of the Vulnerable Software and Affected Versions heimdall version 2.6.3-ls307 Description The application does not properly validate user-supplied HTTP headers, specifically X-Forwarded-Host and Referer. This allows for Host Header Injection and Open Redirect attacks. An unauthenticated remo...
CVE-2025-50578
Heimdall 2.6.3-ls307 (LinuxServer.io) contains a vulnerability in handling user-supplied HTTP headers, specifically X-Forwarded-Host and Referer. An unauthenticated remote attacker can manipulate these headers to perform Host Header Injection and Open Redirects, enabling loading of external resou...
java-17-openjdk security update
An update is available for java-17-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The java-17-openjdk packages provide the OpenJDK 17 Java Runtime...
PT-2025-30891 · Unknown · Openblow Whistleblowing Platform
Name of the Vulnerable Software and Affected Versions: OpenBlow whistleblowing platform affected versions not specified Description: A client-side security misconfiguration exists due to the absence of critical HTTP response headers, including Content-Security-Policy, Referrer-Policy,...
Improper Handling Of HTTP Headers
on-headers is vulnerable to Improper Handling of HTTP Headers. The vulnerability is due to unexpected header modification caused by incorrect processing when an array is passed to response.writeHead, potentially altering response headers unintentionally...
Ubuntu 16.04 LTS / 18.04 LTS : PHP vulnerabilities (USN-7645-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7645-1 advisory. It was discovered that PHP incorrectly parsed certain HTTP response headers. An attacker could possibly use this issue to cause incorrect MIM...
USN-7645-1: PHP vulnerabilities
It was discovered that PHP incorrectly parsed certain HTTP response headers. An attacker could possibly use this issue to cause incorrect MIME type parsing which could result in unexpected behavior. (CVE-2025-1217) It was discovered that PHP did not properly validate certain HTTP headers. An attack...
CVE-2025-53641
Postiz is an AI social media scheduling tool. From 1.45.1 to 1.62.3, the Postiz frontend application allows an attacker to inject arbitrary HTTP headers into the middleware pipeline. This flaw enables a server-side request forgery (SSRF) condition, which can be exploited to initiate unauthorized...
ROS-20250707-03
A vulnerability in the Portainer container management platform is related to the transmission of HTTP headers to the registry. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information...
CVE-2025-53094
ESPAsyncWebServer is an asynchronous HTTP and WebSocket server library for ESP32, ESP8266, RP2040 and RP2350. In versions up to and including 3.7.8, a CRLF (Carriage Return Line Feed) injection vulnerability exists in the construction and output of HTTP headers within AsyncWebHeader.cpp. Unsanitize...