CVE-2025-0631 PowerFlex® 755 Credential Exposure Vulnerability
A Credential Exposure Vulnerability exists in the above-mentioned product and version. The vulnerability is due to using HTTP resulting in credentials being sent in clear text...
CVE-2025-21550
Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications component: Web UI. Supported versions that are affected are 8.0.8.1, 8.1.2.7 and 8.1.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network acce...
CVE-2025-21524
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Monitoring and Diagnostics SEC. Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD...
CVE-2024-42168 HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability
HCL MyXalytics is affected by out-of-band resource load HTTP vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content...
CVE-2024-42168
CVE-2024-42168 affects HCL DRYiCE/MyXalytics. The vulnerability is described as out-of-band resource load (HTTP), where an attacker can host a malicious web server and cause the application to fetch and process that content. Affected component/process is not explicitly detailed beyond the HTTP-ba...
Cookie Poisoning
Quarkus-HTTP is vulnerable to Cookie Poisoning. The vulnerability is due to improper parsing of cookies with specific value-delimiting characters, allowing attackers to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values...
Advisory ROSA-SA-2024-2544
software: tomcat 9.0.37 WASP: ROSA-CHROME packageevrstring: tomcat-9.0.37-6 CVE-ID: CVE-2020-13943 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An HTTP/2 vulnerability in Apache Tomcat allows an attacker to access unwanted resources. CVE-STATUS: The vulnerability has been resolved CVE-REV: To close t...
CISCO-SA-20190925-HTTP
creationtimestamp | type | source
---|---|---
2024-12-17 06:41:50+00:00 | seen | https://social.circl.lu/users/vulnerabilitylookup/statuses/113666794439690387...
php: Fix of CVE-2024-11234
CVE-2024-11234: fix stream HTTP fulluri CRLF injection...
CVE-2024-12397 Io.quarkus.http/quarkus-http-core: quarkus http cookie smuggling
A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorize...
PT-2024-17576 · Unknown · Quarkus-Http
Name of the Vulnerable Software and Affected Versions: Quarkus-HTTP affected versions not specified Description: A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cook...
CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes
Summary: The various header-related Refit attributes Header, HeaderCollection and Authorize are vulnerable to CRLF injection. Details: HTTP headers are added to a request via the HttpHeaders.TryAddWithoutValidation method. This method does not check for CRLF characters in the header valu...
CVE-2024-47406
Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability...
CVE-2024-21172
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications component: Opera Servlet. Supported versions that are affected are 5.6.19.19, 5.6.25.8 and 5.6.26.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to...
ABB Cylon Aspect 3.08.00 sslCertAjax.php Remote Command Execution Vulnerability
ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the country, state, locality, organization, and hostname HTTP POST parameters called by the sslCertAjax.php script. ABB...
ROS-20241001-03
An HTTP server vulnerability for the Ruby/Rack application server Puma is related to a flaw in HTTP request handling. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTTP request. HTTP Request Smuggling attack: The HTTP server...
AWS VDP: External service interaction (HTTP)
The External Service Interaction vulnerability was discovered in a URL. The vulnerability allowed an attacker to induce the application to interact with arbitrary external services such as DNS and HTTP. This vulnerability was outside the scope of the program, as the related infrastructure had bee...
The vulnerability of the net/http module in the Go programming language, related to improper input validation, allows attackers to trigger a service failure.
The vulnerability of the net/http module in the Go programming language is related to improper validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
Cisco IOS HTTP Unauthorized Administrative Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOS HTTP Unauthorized Administrative Access', 'Description' = %q This module exploits a vulnerability in the Cisco IOS HTTP Server. By...
CVE-2024-45258
CVE-2024-45258 affects the Go req package prior to 3.43.4. The root cause is the cleanHost implementation in http.go using a “garbage in, garbage out” design, which may cause the library to send an unintended HTTP request when a malformed URL is provided. Public documents describe potential secur...