ROS-20250430-12

The vulnerability in the PHP programming language interpreter is related to a flaw in header processing of HTTP requests. Exploitation of the vulnerability could allow a remote attacker to send a hidden HTTP request HTTP Request Smuggling attack. A hidden HTTP request HTTP Request Smuggling attac...

JetBrains YouTrack < 3.1.1 HTTP Request Smuggling

The version of JetBrains YouTrack installed on the remote host is prior to 3.1.1. It is, therefore, affected by a HTTP Request smuggling vulnerability as referenced in the vendor advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's...

The vulnerability of the HTTP Header Handler component in the http_request_parse function of the D-Link DAP-1562 wireless access point software allows a attacker to compromise the confidentiality, accessibility, and integrity of the protected information.

The vulnerability of the HTTP Header Handler component in the httprequestparse function of the D-Link DAP-1562 wireless access point’s microprogramming system is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...

CVE-2025-40618

SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...

CVE-2025-40618 SQL injection vulnerability in Bookgy

SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...

CVE-2025-40618

The CVE-2025-40618 entry describes an SQL injection in Bookgy, exploitable via the IDRESERVA parameter in /bkg_imprimir_comprobante.php. Affected component: Bookgy web API endpoint; root cause: improper input handling allowing arbitrary SQL access. Implications shown in metrics: high impact on co...

CVE-2025-40618 SQL injection vulnerability in Bookgy

SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...

CVE-2025-40617 SQL injection vulnerability in Bookgy

SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDTIPO", "IDPISTA" and "IDSOCIO" parameters in /bkgseleccionarhoraajax.php...

CVE-2025-40617 SQL injection vulnerability in Bookgy

SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDTIPO", "IDPISTA" and "IDSOCIO" parameters in /bkgseleccionarhoraajax.php...

Amazon Linux 2 : runc (ALASNITRO-ENCLAVES-2025-055)

The version of runc installed on the remote host is prior to 1.1.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-055 advisory. Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go...

Amazon Linux 2 : runc (ALASECS-2025-057)

The version of runc installed on the remote host is prior to 1.1.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-057 advisory. Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allow...

CVE-2025-36625

In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application...

CVE-2024-6198

The CVE-2024-6198 entry concerns Viasat modems exposing a web interface on ports 3030 and 9882, served by lighttpd implementing the SNORE interface. The vulnerability is a stack buffer overflow caused by insecure path parsing, exploitable by a specially crafted HTTP request from a LAN network int...

CVE-2024-6198 SNORE Interface Unauthenticated Remote Code Execution

The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the “SNORE” interface. This interface is affected by a stack buffer overflow vulnerability due to insecure path parsing. An attacker with access to the LAN network interface could u...

Security Bulletin: Vulnerability in Puma used by Logstash affect IBM Operations Analytics - Log Analysis (CVE-2024-45614)

Summary There is a potential HTTP request smuggling in Puma that affect Logstash used by IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID:CVE-2024-45614 DESCRIPTION: Puma is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP X-Forwarded-For header. By...

PT-2025-18257 · Ctrlx Os · Ctrlx Os

Name of the Vulnerable Software and Affected Versions: ctrlX OS affected versions not specified Description: A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to write arbitrary files in arbitrary file...

PT-2025-18262 · Ctrlx Os · Ctrlx Os

Name of the Vulnerable Software and Affected Versions: ctrlX OS affected versions not specified Description: A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the wireless network...

PT-2025-18251 · Ctrlx Os · Ctrlx Os

Name of the Vulnerable Software and Affected Versions: ctrlX OS affected versions not specified Description: A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning...

Improper Request Handling

http-proxy-middleware is vulnerable to Improper Request Handling. The vulnerability is due to improper request handling caused by fixRequestBody executing even when bodyParser has failed, which allows attackers to smuggle malicious HTTP requests...

📄 AlegroCart 1.2.9 Logic Flaw

AlegroCart version 1.2.9 suffers from a business logic flaw that allows for price manipulation. Exploit Title: Business Logic Flaw: Price Manipulation - alegrocartv1.2.9 Date: 04/2025 Exploit Author: Andrey Stoykov Version: 1.2.9 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Busines...