77 matches found
PT-2026-22889
SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...
Open Redirect
Overview @angular/ssr is a the Angular server side rendering utilities. Affected versions of this package are vulnerable to Open Redirect via the internal URL processing logic when handling the X-Forwarded-Prefix header. An attacker can cause users to be redirected to arbitrary external domains b...
CVE-2026-27738 Angular SSR has an Open Redirect via X-Forwarded-Prefix
The Angular SSR is a server-rise rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, the 20.x branch prior to 20.3.17, and the 21.x branch prior to 21.1.5 and 21.2.0-rc.1. The logic...
CVE-2026-27738
CVE-2026-27738 describes an open redirect in Angular SSR’s internal URL processing. In affected Angular SSR versions on the 19.x branch prior to 19.2.21, 20.x prior to 20.3.17, and 21.x prior to 21.1.5 and 21.2.0-rc.1, the logic that normalizes URL segments by stripping a single leading slash can...
CVE-2026-27738 Angular SSR has an Open Redirect via X-Forwarded-Prefix
The Angular SSR is a server-rise rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, the 20.x branch prior to 20.3.17, and the 21.x branch prior to 21.1.5 and 21.2.0-rc.1. The logic...
CVE-2026-24489
Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF Carriage Return Line Feed sequences in user-supplied header values and names. When making HTTP...
CVE-2026-24489
Gakido is a Python HTTP client vulnerable to HTTP header injection (CRLF/NULL) in versions prior to 0.1.1. The vulnerability arises from user-controlled header names/values not being sanitized, allowing an attacker to inject arbitrary headers into requests. The fix added in 0.1.1 provides a dedic...
EUVD-2026-4832
Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF Carriage Return Line Feed sequences in user-supplied header values and names. When making HTTP...
CVE-2026-24489 Gakido vulnerable to HTTP Header Injection (CRLF Injection)
Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF Carriage Return Line Feed sequences in user-supplied header values and names. When making HTTP...
HTTP Response Splitting
Overview gakido is a High-performance CPython HTTP client with browser impersonation. Affected versions of this package are vulnerable to HTTP Response Splitting via improper sanitization of user-supplied header values and names in the canonicalizeheaders function. An attacker can inject arbitrar...
PT-2026-4842
Name of the Vulnerable Software and Affected Versions Gakido versions prior to 0.1.1 Description Gakido, a Python HTTP client designed for browser impersonation and anti-bot evasion, contains a flaw that allows for HTTP header injection. This occurs due to the lack of proper sanitization of...
MiracleLinux 9 : toolbox-0.0.99.4-6.el9 (AXSA:2023-6916:03)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6916:03 advisory. go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper...
MiracleLinux 9 : buildah-1.31.3-1.el9 (AXSA:2023-6640:04)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6640:04 advisory. golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPA...
MiracleLinux 9 : containernetworking-plugins-1.3.0-4.el9 (AXSA:2023-6651:02)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6651:02 advisory. golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPA...
RockyLinux 8 : container-tools:rhel8 (RLSA-2023:2758)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2758 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions CVE-2022-196...
RockyLinux 8 : container-tools:4.0 (RLSA-2023:2802)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2802 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions CVE-2022-196...
EUVD-2025-1853
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview django-aws-api-gateway-websockets is a Created to allow Django projects to be used as a HTTP backend for AWS API Gateway websockets Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the lack of sanitization an HTTP header in the...
CVE-2018-14887
Improper Host header sanitization in the dbfilter routing component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows a remote attacker to deny access to the service and to disclose database names via a crafted request...
CVE-2018-20808
An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX...