22184 matches found
UBUNTU-CVE-2025-15282
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...
CVE-2025-15282 Header injection via newlines in data URL mediatype
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...
CVE-2025-15282
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...
CVE-2025-15282
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...
CVE-2025-15282 Header injection via newlines in data URL mediatype
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...
CVE-2026-1174
A vulnerability was determined in birkir prime up to 0.4.0.beta.0. This affects an unknown function of the file /graphql of the component GraphQL Alias Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. The exploit has been publicly disclose...
CVE-2026-1173
A vulnerability was found in birkir prime up to 0.4.0.beta.0. The impacted element is an unknown function of the file /graphql of the component GraphQL Array Based Query Batch Handler. The manipulation results in denial of service. The attack can be executed remotely. The exploit has been made...
CVE-2026-1171
A flaw has been found in birkir prime up to 0.4.0.beta.0. Impacted is an unknown function of the file /graphql of the component GraphQL Field Handler. Executing a manipulation can lead to denial of service. The attack may be launched remotely. The exploit has been published and may be used. The...
CVE-2026-1172
A vulnerability has been found in birkir prime up to 0.4.0.beta.0. The affected element is an unknown function of the file /graphql of the component GraphQL Directive Handler. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit has been disclose...
CVE-2026-1150
A security flaw has been discovered in Totolink LR350 9.3.5u.6369B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack can be launched remotely...
CVE-2026-1149
A vulnerability was identified in Totolink LR350 9.3.5u.6369B20220309. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be initiated remotely. The...
CVE-2026-1203
A weakness has been identified in CRMEB up to 5.6.3. The impacted element is the function remoteRegister of the file crmeb/app/services/user/LoginServices.php of the component JSON Token Handler. Executing a manipulation of the argument uid can lead to improper authentication. The attack may be...
CVE-2026-1195
A weakness has been identified in MineAdmin 1.x/2.x. This impacts the function refresh of the file /system/refresh of the component JWT Token Handler. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the attack remotely. The attack is considered ...
CVE-2026-1203 CRMEB JSON Token LoginServices.php remoteRegister improper authentication
A weakness has been identified in CRMEB up to 5.6.3. The impacted element is the function remoteRegister of the file crmeb/app/services/user/LoginServices.php of the component JSON Token Handler. Executing a manipulation of the argument uid can lead to improper authentication. The attack may be...
SUSE CVE-2026-1144
A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is...
CVE-2025-66902
An input validation issue in in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocketserver/websocketserver.py, WebSocketServer.messagereceived components...
CVE-2025-66803
CVE-2025-66803 describes a race condition in the turbo-frame element handler of Hotwired Turbo (pre-8.0.x). The issue can cause logout operations to fail when delayed frame responses reapply session cookies, enabling exploitation by delaying HTTP responses (network delays) or naturally on shared ...
CVE-2025-66803
Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...
MiracleLinux 8 : thunderbird-128.2.0-1.el8_10.ML.1 (AXSA:2024-8858:20)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8858:20 advisory. thunderbird: 115.15/128.2 mozilla: Type confusion when looking up a property name in a with block CVE-2024-8381 mozilla: Internal event interfaces...
MiracleLinux 7 : curl-7.29.0-59.el7 (AXSA:2020-554:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-554:03 advisory. curl: heap buffer overflow in function tftpreceivepacket CVE-2019-5482 CVE-2019-5482 Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65....