16590 matches found
CVE-2024-10047 Directory Listing Vulnerability in parisneo/lollms-webui
parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing vulnerability. An attacker can list arbitrary directories on a Windows system by sending a specially crafted HTTP request to the /openfile endpoint...
CVE-2024-9597 Path Traversal in parisneo/lollms
A Path Traversal vulnerability exists in the /wipe_database endpoint of parisneo/lollms version v12, allowing an attacker to delete any directory on the system. The vulnerability arises from improper validation of the key parameter, which is used to construct file paths. An attacker can exploit th...
CVE-2024-9597
ParisNeo/lollms v12 contains a Path Traversal in the /wipe_database endpoint. The vulnerability arises from improper validation of the key parameter used to construct file paths, enabling an attacker to delete arbitrary directories via a crafted HTTP request. Public sources (Snyk and Red Hat advi...
CVE-2024-8984 Denial of Service (DoS) in berriai/litellm
A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource...
CVE-2024-8984
The CVE-2024-8984 entry describes a Denial of Service vulnerability in berriai/litellm v1.44.5 caused by improper handling of multipart HTTP boundaries. An attacker can append characters to the boundary, triggering unbounded resource consumption and service unavailability. The issue is unauthenti...
PT-2025-12031 · Unknown · Netease-Youdao/Qanything
Name of the Vulnerable Software and Affected Versions: netease-youdao/qanything version 1.4.1. Description: An HTTP Request Smuggling vulnerability exists due to inconsistencies in how HTTP requests are interpreted between a proxy and a server. This can lead to unauthorized access, bypassing securi...
Debian dla-4088 : libapache2-mod-php7.4 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4088 advisory. Debian LTS Advisory DLA-4088-1...
EulerOS 2.0 SP12 : haproxy (EulerOS-SA-2025-1297)
According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remo...
EulerOS 2.0 SP12 : haproxy (EulerOS-SA-2025-1298)
According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remo...
CVE-2025-27415 Nuxt allows DOS via cache poisoning with payload rendering response
Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind a CDN, it is possible in some circumstances to poison the CDN cache and highly impact the availability of a site. It is possible to craft a request, such as...
CVE-2023-47539
An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remotewildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request...
RLSA-2024:9559 Important: libsoup security update
The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: infinite loop while reading websocket data (CVE-2024-52532); libsoup: HTTP request smuggling via stripping null bytes from the ends of header names (CVE-2024-52530). For more details about the security...
BlackVue App Security Vulnerability
BlackVue App is a software from BlackVue with car recorder connectivity. It is used to read the video data from the recorder, view the vehicle's driving history, etc. A security vulnerability exists in BlackVue App version 3.65, which stems from a GET request method that uses a sensitive query...
Huawei EulerOS: Security Advisory for libsoup (EulerOS-SA-2025-1270)
The remote host is missing an update for the Huawei EulerOS...
SUSE CVE-2025-1217
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME...
CVE-2025-29904
In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible...
[SECURITY] [DSA 5878-1] php8.2 security update
Debian Security Advisory DSA-5878-1 · https://www.debian.org/security/ · Moritz Muehlenhoff · March 14, 2025 · https://www.debian.org/security/faq...
HTTP Request Smuggling in waitress
...
UBUNTU-CVE-2025-1217
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME...