Security Bulletin: IBM Event Streams is vulnerable to unintended response header modification
Summary: IBM Event Streams is vulnerable to unintended response header modification due to a flaw in the on-headers module (CVE-2025-7339). Vulnerability Details: CVEID: CVE-2025-7339. DESCRIPTION: on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers...
CVE-2026-22779
BlackSheep is an asynchronous web framework for building event-based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing header validation makes it possible for an attacker to modify the HTTP requests, e.g. insert a new...
CVE-2025-23191
Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request. An attacker could alter the atom:link values in the returned metadata redirecting them from the SAP server to a malicious link set by the attacke...
Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service.
Summary: The CVE may result in headers being modified in internal NodeJS traffic, which could lead to a denial of service. Vulnerability Details: CVEID: CVE-2025-7339. DESCRIPTION: on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions before 1.1.0 ma...
EUVD-2008-2002
Malware in sbrugna...
EUVD-2013-1916
Malware in sbrugna...
EUVD-2006-0638
Malware in sbrugna...
EUVD-2007-6470
Malware in sbrugna...
EUVD-2021-15624
Malware in sbrugna...
EUVD-2021-10786
Malware in sbrugna...
EUVD-2018-3184
Malware in sbrugna...
EUVD-2023-59710
Malicious code in bioql PyPI...
EUVD-2022-4928
Malicious code in bioql PyPI...
CVE-2025-54411 Discourse welcome banner user name XSS
Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcomebanner.header.loggedinmembers site text to remove the...
DEBIAN-CVE-2025-7339
on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions before 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Users should upgrade to version 1.1.0 to receive a patch. Users are...
CVE-2025-45997
Sourcecodester Web-based Pharmacy Product Management System v1.0 has a file upload vulnerability. An attacker can upload a PHP file disguised as an image by modifying the Content-Type header to image/jpg...
CVE-2020-23776
An SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request...
CVE-2018-9934
The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control...
PT-2025-17868
Name of the Vulnerable Software and Affected Versions: React Router versions 7.0 through 7.5.1. Description: The issue allows an attacker to modify pre-rendered data by adding a header to the request, potentially leading to various exploits, including stored XSS. This is possible due to a...