3931 matches found
CVE-2025-7449
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific permissions to cause a denial of service condition through HTTP response processing...
CVE-2025-7449 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific permissions to cause a denial of service condition through HTTP response processing...
CVE-2025-7449 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific permissions to cause a denial of service condition through HTTP response processing...
curl: runs javascript on powershell when it shouldnt
On windows, if I run a curl on powershell for a script that should show alert1 it just executes the script when it shouldn't. I did not use AI to find or report this bug. Affected version on CMD I ran curl --version curl 8.16.0 Windows libcurl/8.16.0 Schannel zlib/1.3.1 WinIDN on powershell it...
GitLab CE/EE 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE versions 8.3 through before 18.4.5, 18...
CVE-2025-36160
IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system...
TencentOS Server 3: ruby:3.1 (TSSA-2024:0106)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0106 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Updated apache packages fix security vulnerabilities
HTTP response splitting. CVE-2024-42516 SSRF with modheaders setting Content-Type header. CVE-2024-43204 modssl error log variable escaping. CVE-2024-47252 modproxyhttp2 denial of service. CVE-2025-49630 modssl access control bypass with session resumption. CVE-2025-23048 modssl TLS upgrade attac...
EulerOS 2.0 SP12 : httpd (EulerOS-SA-2025-2359)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2025-2328)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
BIT-DJANGO-2025-64458 Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, django.http.HttpResponseRedirect, django.http.HttpResponsePermanentRedirect, and the shortcut django.shortcuts.redirect were subject to a...
Inefficient Algorithmic Complexity
Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the HttpResponseRedirect and HttpResponsePermanentRedirect functions when processing input...
Astra Linux – Vulnerability in Apache2
HTTP response splitting in the core of the Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was identified as CVE-2023-38709, but the patch included in Apache...
HTTP Response Splitting
Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the Content-Disposition header. An attacker can manipulate the file extension of downloaded vCard files by supplying crafted input, potentially leading to user confusion or further exploitation. Remediation...
EUVD-2012-4434
Malware in sbrugna...
EUVD-2020-26160
Malware in sbrugna...
EUVD-2007-1602
Malware in sbrugna...
EUVD-2006-6357
Malware in sbrugna...
EUVD-2020-17010
Malware in sbrugna...
EUVD-2020-30526
Malware in sbrugna...