190 matches found
CVE-2025-10485
A vulnerability has been found in pojoin h3blog up to 5bf704425ebc11f4c24da51f32f36bb17ae20489. Affected by this issue is the function pptlog of the file /login of the component HTTP Header Handler. Such manipulation of the argument X-Forwarded-For leads to cross site scripting. The attack may be...
CVE-2025-10392
A vulnerability was detected in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. This affects an unknown function of the component HTTP Header Handler. The manipulation of the argument Host results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be...
CVE-2025-10485
The CVE-2025-10485 entry applies to pojoin h3blog, affecting the HTTP Header Handler’s file/login and the ppt_log function. The issue stems from manipulating the X-Forwarded-For argument, enabling cross-site scripting via remote exploitation. Public exploit information is noted. Affected versions...
PT-2025-37776
Name of the Vulnerable Software and Affected Versions: pojoin h3blog versions prior to 5bf704425ebc11f4c24da51f32f36bb17ae20489 Description: A vulnerability exists due to cross site scripting. Manipulation of the X-Forwarded-For argument in the /login file, specifically within the ppt log functio...
CVE-2025-10392
A vulnerability was detected in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. This affects an unknown function of the component HTTP Header Handler. The manipulation of the argument Host results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be...
CVE-2025-10392
The CVE-2025-10392 entry concerns Mercury KM08-708H GiGA WiFi Wave2 1.1.14. Affects the HTTP Header Handler component, where manipulating the Host argument causes a stack-based buffer overflow. The vulnerability is exploitable remotely, with exploit code publicly available. Documents indicate a C...
CVE-2025-8129
A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. It is possible to launch the attack...
GHSA-MVW6-62QV-VMQF Duplicate Advisory: Koa Open Redirect via Referrer Header (User-Controlled)
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jgmv-j7ww-jx2x. This link is maintained to preserve external references. Original Description A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function ba...
CVE-2025-8129
A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. It is possible to launch the attack...
CVE-2025-8129 KoaJS Koa HTTP Header response.js back redirect
A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. It is possible to launch the attack...
PT-2025-30726
Name of the Vulnerable Software and Affected Versions Koa versions up to 3.0.0 Description A problematic issue exists in KoaJS Koa. The back function within the HTTP Header Handler component, located in lib/response.js, is susceptible to open redirect attacks through manipulation of the Referrer...
The vulnerability of the Response Header Handler component in the Craft CMS system allows a hacker to execute arbitrary code.
The vulnerability of the Response Header Handler component in the Craft CMS content management system is related to errors in HTTP request processing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2025-6762
A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...
CVE-2025-6762
A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...
CVE-2025-6762 diyhi bbs HTTP Header login getUrl server-side request forgery
A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...
CVE-2025-6762 diyhi bbs HTTP Header login getUrl server-side request forgery
A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...
PT-2025-27142 · Diyhi Bbs · Diyhi Bbs
Name of the Vulnerable Software and Affected Versions: diyhi bbs versions up to 6.8 Description: A critical issue has been discovered that affects the getUrl function of the /admin/login file in the HTTP Header Handler component. The manipulation of the Host argument leads to server-side request...
The vulnerability in the HTTP Header Handler component of Mozilla Firefox and Firefox ESR browsers allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability of the HTTP Header Handler component in Mozilla Firefox and Firefox ESR browsers is related to the failure to protect the web page structure during the processing of the Content-Disposition parameter. Exploiting this vulnerability allows a remote attacker to perform cross-site...
PT-2025-26727
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Firefox ESR versions prior to 128.12 Description: The issue arises when a file download is specified via the Content-Disposition header, but this directive is ignored if the file is included via an or tag. This...
CVE-2025-5183
A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1 and classified as problematic. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument Host leads to open redirect. The attack may be initiated...