Linux Distros Unpatched Vulnerability : CVE-2017-6508

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CRLF injection vulnerability in the urlparse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequence...

Linux Distros Unpatched Vulnerability : CVE-2012-4929

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating th...

CVE-2024-12314

The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 1.2.3. This is due to plugin storing HTTP headers in the cached data. This makes it possible for unauthenticated attackers to poison the cache with custom HTTP headers that may be unsanitiz...

CVE-2024-12314 Rapid Cache <= 1.2.3 - Unauthenticated Cache Poisoning

The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 1.2.3. This is due to plugin storing HTTP headers in the cached data. This makes it possible for unauthenticated attackers to poison the cache with custom HTTP headers that may be unsanitiz...

CVE-2025-25200

A denial of service flaw was found in the koa library. An improperly designed regex is used to parse some specific HTTP headers. If untrusted requests are passed to koa, it can cause excessive resource usage on the server...

CVE-2025-25200

Koa is expressive middleware for Node.js using ES2017 async functions. Prior to versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3, Koa uses an evil regex to parse the X-Forwarded-Proto and X-Forwarded-Host HTTP headers. This can be exploited to carry out a Denial-of-Service attack. Versions 0.21....

CVE-2025-25200 Koa has Inefficient Regular Expression Complexity

Koa is expressive middleware for Node.js using ES2017 async functions. Prior to versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3, Koa uses an evil regex to parse the X-Forwarded-Proto and X-Forwarded-Host HTTP headers. This can be exploited to carry out a Denial-of-Service attack. Versions 0.21....

CVE-2025-25200 Koa has Inefficient Regular Expression Complexity

Koa is expressive middleware for Node.js using ES2017 async functions. Prior to versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3, Koa uses an evil regex to parse the X-Forwarded-Proto and X-Forwarded-Host HTTP headers. This can be exploited to carry out a Denial-of-Service attack. Versions 0.21....

CVE-2025-25200 Koa has Inefficient Regular Expression Complexity

Koa is expressive middleware for Node.js using ES2017 async functions. Prior to versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3, Koa uses an evil regex to parse the X-Forwarded-Proto and X-Forwarded-Host HTTP headers. This can be exploited to carry out a Denial-of-Service attack. Versions 0.21....

Cisco Secure Web Appliance 输入验证错误漏洞

Cisco Secure Web Appliance is an application from Cisco USA. An input validation error vulnerability exists in Cisco Secure Web Appliance that stems from improper handling of HTTP request headers and can be exploited by an attacker to download malicious files...

CVE-2025-0754

The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to lo...

CVE-2024-45687

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in Payara Platform Payara Server Grizzly, REST Management Interface modules, Payara Platform Payara Micro Grizzly modules allows Manipulating State, Identity Spoofing.This issue affects Payar...

BIT-PHP-MIN-2024-8927 cgi.force_redirect configuration is bypassable due to the environment variable collision

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, HTTPREDIRECTSTATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP...

CVE-2024-54021

An Improper Neutralization of CRLF Sequences in HTTP Headers 'http response splitting' vulnerability CWE-113 in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a remote unauthenticated attacker to bypass the file filter via crafted HTTP headers...

GHSA-MGR7-5782-6JH9 The Umbraco Heartcore headless client library uses a vulnerable Refit dependency package

Impact The Heartcore headless client library depends on Refit to assist in making HTTP requests to Heartcore public APIs. Refit recently published an advisory regarding a CRLF injection vulnerability whereby it is possible for a malicious user to smuggle additional headers or potentially body...

ZenML < 0.56.3 Vulnerability - CVE-2024-2383

The version of ZenML installed on the remote host is prior to 0.56.3. It is, therefore, affected by a clickjacking vulnerability due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the...

CLSA-2024-1733908866 Fix CVE(s): CVE-2023-25725

SECURITY UPDATE: The HTTP header parsers in HAProxy may accept empty header field names - debian/patches/CVE-2023-25725.patch: prevent empty header field names - CVE-2023-25725...

CVE-2024-42330

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that...

CVE-2024-42330

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that...

CVE-2024-42330

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that...