Lucene search
K

190 matches found

RedhatCVE
RedhatCVE
added 2025/09/17 10:45 p.m.7 views

CVE-2025-10485

A vulnerability has been found in pojoin h3blog up to 5bf704425ebc11f4c24da51f32f36bb17ae20489. Affected by this issue is the function pptlog of the file /login of the component HTTP Header Handler. Such manipulation of the argument X-Forwarded-For leads to cross site scripting. The attack may be...

5.3CVSS5.2AI score0.00404EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/16 6:28 a.m.8 views

CVE-2025-10392

A vulnerability was detected in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. This affects an unknown function of the component HTTP Header Handler. The manipulation of the argument Host results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be...

10CVSS7.1AI score0.00673EPSS
Exploits0References1
CVE
CVE
added 2025/09/15 10:32 p.m.13 views

CVE-2025-10485

The CVE-2025-10485 entry applies to pojoin h3blog, affecting the HTTP Header Handler’s file/login and the ppt_log function. The issue stems from manipulating the X-Forwarded-For argument, enabling cross-site scripting via remote exploitation. Public exploit information is noted. Affected versions...

5.3CVSS3.8AI score0.00404EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/15 12:0 a.m.6 views

PT-2025-37776

Name of the Vulnerable Software and Affected Versions: pojoin h3blog versions prior to 5bf704425ebc11f4c24da51f32f36bb17ae20489 Description: A vulnerability exists due to cross site scripting. Manipulation of the X-Forwarded-For argument in the /login file, specifically within the ppt log functio...

5.3CVSS3.6AI score0.00404EPSS
Exploits0References7
NVD
NVD
added 2025/09/14 6:15 a.m.4 views

CVE-2025-10392

A vulnerability was detected in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. This affects an unknown function of the component HTTP Header Handler. The manipulation of the argument Host results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be...

10CVSS0.00673EPSS
Exploits0References4
CVE
CVE
added 2025/09/14 5:32 a.m.24 views

CVE-2025-10392

The CVE-2025-10392 entry concerns Mercury KM08-708H GiGA WiFi Wave2 1.1.14. Affects the HTTP Header Handler component, where manipulating the Host argument causes a stack-based buffer overflow. The vulnerability is exploitable remotely, with exploit code publicly available. Documents indicate a C...

10CVSS9.3AI score0.00673EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/07/27 4:24 a.m.5 views

CVE-2025-8129

A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. It is possible to launch the attack...

6.1CVSS7.2AI score0.00229EPSS
Exploits1References1
OSV
OSV
added 2025/07/25 6:30 a.m.2 views

GHSA-MVW6-62QV-VMQF Duplicate Advisory: Koa Open Redirect via Referrer Header (User-Controlled)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jgmv-j7ww-jx2x. This link is maintained to preserve external references. Original Description A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function ba...

5.1CVSS5.5AI score0.00229EPSS
Exploits1References8
NVD
NVD
added 2025/07/25 5:15 a.m.5 views

CVE-2025-8129

A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. It is possible to launch the attack...

6.1CVSS0.00229EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/07/25 4:2 a.m.6 views

CVE-2025-8129 KoaJS Koa HTTP Header response.js back redirect

A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. It is possible to launch the attack...

5.1CVSS7.1AI score0.00229EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/07/25 12:0 a.m.5 views

PT-2025-30726

Name of the Vulnerable Software and Affected Versions Koa versions up to 3.0.0 Description A problematic issue exists in KoaJS Koa. The back function within the HTTP Header Handler component, located in lib/response.js, is susceptible to open redirect attacks through manipulation of the Referrer...

6.1CVSS4.9AI score0.00229EPSS
Exploits1References19
BDU FSTEC
BDU FSTEC
added 2025/07/09 12:0 a.m.8 views

The vulnerability of the Response Header Handler component in the Craft CMS system allows a hacker to execute arbitrary code.

The vulnerability of the Response Header Handler component in the Craft CMS content management system is related to errors in HTTP request processing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

5.3CVSS8.4AI score0.01119EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2025/06/29 12:6 p.m.10 views

CVE-2025-6762

A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...

7.2CVSS7.3AI score0.00361EPSS
Exploits1References1
NVD
NVD
added 2025/06/27 12:15 p.m.12 views

CVE-2025-6762

A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...

7.2CVSS0.00361EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/06/27 11:31 a.m.5 views

CVE-2025-6762 diyhi bbs HTTP Header login getUrl server-side request forgery

A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...

6.5CVSS7.2AI score0.00361EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/06/27 11:31 a.m.16 views

CVE-2025-6762 diyhi bbs HTTP Header login getUrl server-side request forgery

A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...

6.5CVSS0.00361EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/06/27 12:0 a.m.4 views

PT-2025-27142 · Diyhi Bbs · Diyhi Bbs

Name of the Vulnerable Software and Affected Versions: diyhi bbs versions up to 6.8 Description: A critical issue has been discovered that affects the getUrl function of the /admin/login file in the HTTP Header Handler component. The manipulation of the Host argument leads to server-side request...

6.5CVSS7.3AI score0.00361EPSS
Exploits1References8
BDU FSTEC
BDU FSTEC
added 2025/06/25 12:0 a.m.4 views

The vulnerability in the HTTP Header Handler component of Mozilla Firefox and Firefox ESR browsers allows attackers to perform cross-site scripting (XSS) attacks.

The vulnerability of the HTTP Header Handler component in Mozilla Firefox and Firefox ESR browsers is related to the failure to protect the web page structure during the processing of the Content-Disposition parameter. Exploiting this vulnerability allows a remote attacker to perform cross-site...

6.4CVSS6.1AI score0.00215EPSS
Exploits0References13Affected Software4
Positive Technologies
Positive Technologies
added 2025/06/09 12:0 a.m.8 views

PT-2025-26727

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Firefox ESR versions prior to 128.12 Description: The issue arises when a file download is specified via the Content-Disposition header, but this directive is ignored if the file is included via an or tag. This...

9.8CVSS8.4AI score0.1307EPSS
Exploits5References619
RedhatCVE
RedhatCVE
added 2025/05/28 11:50 a.m.15 views

CVE-2025-5183

A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1 and classified as problematic. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument Host leads to open redirect. The attack may be initiated...

5.1CVSS6.9AI score0.00238EPSS
Exploits0References1
Rows per page
Query Builder