2466 matches found
nodejs: Nodejs denial of service
A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...
SHARP MFPs Out-of-Bounds Vulnerabilities (CVE-2024-43424)
Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
USN-8032-1 python-aiohttp vulnerabilities
Charles Chan discovered that AIOHTTP incorrectly handled the decompression of compressed requests. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 25.10. CVE-2025-69223 Thomas Rinsma discovered that AIOHTTP incorrectly handled...
CVE-2026-26234 JUNG Smart Visu Server - Improper Neutralization of HTTP Headers for Scripting Syntax
JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache...
php: Streams HTTP wrapper does not fail for headers with invalid name and no colon
A flaw was found in PHP. This vulnerability allows applications to accept invalid headers via malformed HTTP headers missing a colon :, which may confuse applications into processing them as valid headers...
tornado: Tornado Quadratic DoS via Repeated Header Coalescing
A denial of service flaw has been discovered in the Tornado networking library. In Tornado, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation when the...
tornado: Tornado Quadratic DoS via Repeated Header Coalescing
A denial of service flaw has been discovered in the Tornado networking library. In Tornado, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation when the...
tornado: Tornado Quadratic DoS via Repeated Header Coalescing
A denial of service flaw has been discovered in the Tornado networking library. In Tornado, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation when the...
tornado: Tornado Quadratic DoS via Repeated Header Coalescing
A denial of service flaw has been discovered in the Tornado networking library. In Tornado, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation when the...
nodejs: Nodejs denial of service
A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...
nodejs: Nodejs denial of service
A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...
GHSA-V34V-RQ6J-CJ6P LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection
Summary The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary apiurl values through the baggage header, causing the SDK to exfiltrate sensitive trace data to attacker-controlled endpoints. ---...
CVE-2025-71031
Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of service by consuming RAM memory...
CVE-2025-7760 Reflected XSS in Ofisimo's Association Web Package Flora
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HTTP Headers.This issue affects Association Web Package Flora: from v3.0 through 03022026. NOTE: The...
CVE-2025-7760
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HTTP Headers.This issue affects Association Web Package Flora: from v3.0 through 03022026. NOTE: The...
EUVD-2025-206770
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HTTP Headers.This issue affects Association Web Package Flora: from v3.0 through 03022026. NOTE: The...
CVE-2025-7760
CVE-2025-7760 affects Ofisimo Web-Based Software Technologies Association Web Package Flora (versions 3.0 through 03022026). The issue stems from improper input handling during web page generation, enabling cross-site scripting via HTTP headers. Red Hat and other sources corroborate the same desc...
Insufficiently Protected Credentials
Overview kimai-mcp is a MCP server for Kimai time-tracking API integration Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the HTTP response handling logic that sets the X-Session-ID header. An attacker can hijack user sessions by observing session...
CVE-2025-7713
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows XSS Through HTTP Headers.This issue affects Content Management System CMS: through 21072025...
CVE-2025-7713
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows XSS Through HTTP Headers.This issue affects Content Management System CMS: through 21072025...