16589 matches found

Tenable Nessus
added 2025/06/16 12:0 a.m., 4 views

TencentOS Server 2: squid (TSSA-2024:1133)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1133 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

CVSS 9.3, AI score 7.2, EPSS 0.05255
Exploits 0, References 2

Tenable Nessus
added 2025/06/16 12:0 a.m., 7 views

TencentOS Server 3: httpd:2.4 (TSSA-2022:0023)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0023 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 9.8, AI score 8.3, EPSS 0.28189
Exploits 0, References 2

Tenable Nessus
added 2025/06/16 12:0 a.m., 7 views

TencentOS Server 3: httpd (TSSA-2023:0026)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0026 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 9, AI score 7.1, EPSS 0.57941
Exploits 0, References 4

OSV
added 2025/06/14 5:44 a.m., 2 views

BIT-KIBANA-2024-43706 Kibana Improper Authorization

Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint...

CVSS 8.8, AI score 7.4, EPSS 0.00344
Exploits 0, References 2

OSV
added 2025/06/14 5:38 a.m., 2 views

BIT-ELK-2024-43706 Kibana Improper Authorization

Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint...

CVSS 8.8, AI score 7.4, EPSS 0.00344
Exploits 0, References 2

BDU FSTEC
added 2025/06/13 12:0 a.m., 5 views

The vulnerability of the HTTP Request Handler component of the Langflow agent and workflow creation/deployment tool allows an attacker to execute arbitrary code.

The vulnerability of the HTTP Request Handler component of the Langflow agent and process creation/deployment tool is related to the lack of authentication for the critical function. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10, AI score 8.5, EPSS 0.99959
Exploits 33, References 6, Affected Software 1

RedhatCVE
added 2025/06/12 5:5 p.m., 5 views

CVE-2024-43706

Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint...

CVSS 7.6, AI score 7.3, EPSS 0.00344
Exploits 0, References 1

NVD
added 2025/06/12 4:15 p.m., 11 views

CVE-2025-46035

Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint...

CVSS 7.5, EPSS 0.00716
Exploits 1, References 3

RedHat Linux
added 2025/06/12 6:30 a.m., 1 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

CVSS 9.1, AI score 7.1, EPSS 0.00682
Exploits 0, References 8

Tenable Nessus
added 2025/06/12 12:0 a.m., 3 views

RHEL 8 : grafana-pcp (RHSA-2025:8983)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:8983 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace...

CVSS 9.1, AI score 7.2, EPSS 0.00682
Exploits 0, References 5

AlmaLinux
added 2025/06/11 12:0 a.m., 4 views

Moderate: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in...

CVSS 9.1, AI score 7.3, EPSS 0.00682
Exploits 0, References 4

Tenable Nessus
added 2025/06/11 12:0 a.m., 3 views

EulerOS 2.0 SP12 : golang (EulerOS-SA-2025-1586)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a...

CVSS 9.1, AI score 7, EPSS 0.00682
Exploits 0, References 2

Cvelist
added 2025/06/10 4:59 p.m., 9 views

CVE-2024-43706 Kibana Improper Authorization

Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint...

CVSS 7.6, EPSS 0.00344
Exploits 0, References 1

Vulnrichment
added 2025/06/10 4:59 p.m., 6 views

CVE-2024-43706 Kibana Improper Authorization

Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint...

CVSS 7.6, AI score 7.1, EPSS 0.00344
Exploits 0, References 1

CVE
added 2025/06/10 4:59 p.m., 65 views

CVE-2024-43706

Kibana has a vulnerability CVE-2024-43706 described as Improper authorization that enables privilege abuse through a direct HTTP request to a Synthetic monitor endpoint. Multiple sources summarize that affected versions include Kibana up to 8.12.0, with a fix released in 8.12.1 (ESA-2024-21). The...

CVSS 8.8, AI score 7.5, EPSS 0.00344
Exploits 0, References 1, Affected Software 1

Cvelist
added 2025/06/10 3:23 p.m., 9 views

CVE-2025-48879 OctoPrint Vulnerable to Denial of Service through malformed HTTP request

OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken...

CVSS 6.5, EPSS 0.00223
Exploits 0, References 2

Vulnrichment
added 2025/06/10 3:23 p.m., 4 views

CVE-2025-48879 OctoPrint Vulnerable to Denial of Service through malformed HTTP request

OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken...

CVSS 6.5, AI score 6.5, EPSS 0.00223
Exploits 0, References 2

Positive Technologies
added 2025/06/10 12:0 a.m., 4 views

PT-2025-24819 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Elasticsearch Kibana affected versions not specified Description: The issue is related to improper authorization in Kibana, which can be exploited to abuse privileges. This can be achieved by sending a direct HTTP request to a Synthetic monit...

CVSS 8, AI score 5.9, EPSS 0.00344
Exploits 0, References 8

Cvelist
added 2025/06/04 4:17 p.m., 35 views

CVE-2025-20129 Cisco Customer Collaboration Platform Information Disclosure Vulnerability

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent...

CVSS 4.3, EPSS 0.00302
Exploits 0, References 1

Hacker One
added 2025/06/03 7:27 p.m., 9 views

PortSwigger Web Security: DNS Rebinding SSRF in Burp Suite MCP Server Enables Internal Network Access via send_http1_request Tool

The Burp Suite MCP (Model Context Protocol) server was vulnerable to a DNS rebinding attack. This allowed malicious websites to connect to the victim's local MCP server, use the send_http1_request tool to make arbitrary HTTP requests, and access internal networks, localhost services, and cloud metada...

AI score 6.7
Exploits 0