16590 matches found

Tenable Nessus
added 2025/04/15 12:00 a.m., 10 views

RHEL 6 / 7 : httpd24-httpd (RHSA-2015:1666)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1666 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the wa...

CVSS 5, AI score 6.6, EPSS 0.73327
Exploits 0, References 11
NVD
added 2025/04/14 2:15 p.m., 20 views

CVE-2025-32906

A flaw was found in libsoup, where the soup_headers_parse_request function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server...

CVSS 7.5, EPSS 0.00787
Exploits 0, References 17
Vulnrichment
added 2025/04/14 1:58 p.m., 14 views

CVE-2025-32906 Libsoup: out of bounds reads in soup_headers_parse_request()

A flaw was found in libsoup, where the soup_headers_parse_request function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server...

CVSS 7.5, AI score 7.4, EPSS 0.00787
Exploits 0, References 16
CVE
added 2025/04/14 1:58 p.m., 185 views

CVE-2025-32906

Summary: CVE-2025-32906 affects libsoup and is described in multiple connected advisories. A flaw in the function soup_headers_parse_request() may cause an out-of-bounds read, enabling a malicious HTTP request to crash the Libsoup-based HTTP server. The issue is documented across Red Hat, Debian,...

CVSS 7.5, AI score 7.4, EPSS 0.00787
Exploits 0, References 17
Github Security Blog
added 2025/04/11 2:06 p.m., 30 views

Vite has an `server.fs.deny` bypass with an invalid `request-target`

Summary The contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. Impact Only apps with the following conditions are affected. - explicitly exposing the Vite dev server to the network using --host or server.host config option - running the Vite de...

CVSS 6, AI score 6.4, EPSS 0.01699
Exploits 2, References 4, Affected software 1
Citrix
added 2025/04/09 12:00 a.m., 9 views

NetScaler 14.1 43.x - Citrix ADM Telemetry Download Fails with Error "400 Bad Request"

Citrix ADM users might encounter an immediate "400 Bad Request" error when attempting to download the 'Telemetry file'. As per mpsservice.log - ./mpsservice.log:1 x.x.x.x Debug TCPServerConnection default4473 HTTP Request from URI:/nitro/v1/download/consoletelemetry.tgz, method:GET...

AI score 7.1
Exploits 0
Zero Day Initiative
added 2025/04/09 12:00 a.m., 27 views

(Pwn2Own) Synology BeeStation BST150-4T CRLF Injection Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of HTTP requests. The issue results...

CVSS 6.5, AI score 6.3, EPSS 0.26952
Exploits 0, References 1
RedHat Linux
added 2025/04/08 5:51 p.m., 12 views

Important: Red Hat Security Advisory: updated discovery container images

Updated container images are now available for Discovery 1.13.1. The Discovery container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog see...

CVSS 7.5, AI score 7.1, EPSS 0.00748
Exploits 0, References 2
Vulnrichment
added 2025/04/07 2:22 p.m., 20 views

CVE-2025-3248 Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code...

CVSS 9.8, AI score 9.8, EPSS 0.99959
Exploits 33, References 4
NVD
added 2025/04/06 8:15 p.m., 46 views

CVE-2025-32013

LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...

CVSS 9.3, EPSS 0.00604
Exploits 2, References 1
Vulnrichment
added 2025/04/06 8:07 p.m., 7 views

CVE-2025-32013 Server-Side Request Forgery via LNURL Authentication Callback in LNbits Lightning Network Payment System

LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...

CVSS 9.3, AI score 7.2, EPSS 0.00604
Exploits 2, References 1
Debian
added 2025/04/05 1:15 p.m., 35 views

[SECURITY] [DSA 5896-1] trafficserver security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5896-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 05, 2025 https://www.debian.org/security/faq -...

CVSS 9.1, AI score 7.2, EPSS 0.0158
Exploits 1
RedhatCVE
added 2025/04/05 12:32 a.m., 20 views

CVE-2025-29462

A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack...

CVSS 9.8, AI score 7.7, EPSS 0.00494
Exploits 1, References 1
Tenable Nessus
added 2025/04/05 12:00 a.m., 14 views

Debian dsa-5896 : trafficserver - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5896 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5896-1 [email protected] https://www.debian.org/securit...

CVSS 9.1, AI score 7.1, EPSS 0.0158
Exploits 1, References 14
IBM Security Bulletins
added 2025/04/04 9:17 p.m., 15 views

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to inconsistent interpretation of HTTP requests in Golang (CVE-2022-1705)

Summary: Golang is used by IBM Storage Fusion Data Foundation as a core part of operators. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-1705. Vulnerability Details: CVEID: CVE-2022-1705 DESCRIPTION: Golang (Go) is vulnerable to...

CVSS 6.5, AI score 5.8, EPSS 0.01113
Exploits 1, Affected software 1
Github Security Blog
added 2025/04/04 4:05 p.m., 27 views

BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization

Summary: A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version, v1.4.2, of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. Details: There is an unsafe code segment in serde.py: Python def...

CVSS 9.8, AI score 8.6, EPSS 0.44358
Exploits 5, References 4, Affected software 1
Tenable Nessus
added 2025/04/04 12:00 a.m., 5 views

Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2024-22019)

The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22019 advisory. - A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP reque...

CVSS 7.5, AI score 7, EPSS 0.03168
Exploits 0, References 2
NVD
added 2025/04/03 8:15 p.m., 18 views

CVE-2025-29462

A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack...

CVSS 9.8, EPSS 0.00494
Exploits 1, References 1
OSV
added 2025/04/03 8:15 p.m., 3 views

CVE-2025-29462

A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack...

CVSS 9.8, AI score 6.2
Exploits 0, References 1
Packet Storm
added 2025/04/03 12:00 a.m., 337 views

SAP HTTP Request Smuggling

SAPGateBreaker HTTP request smuggling proof of concept exploit that demonstrates a vulnerability in SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53, and SAP Web Dispatcher. Exploit Title: SAPGateBreaker Exploit - CVE-2022-22536 ...

CVSS 10, AI score 9.2, EPSS 0.97945
Exploits 8