736 matches found
CLSA-2026-1772192033 python2: Fix of 2 CVEs
CVE-2026-1299: raise exceptions for malformed input to prevent processing invalid or dangerous headers - CVE-2024-6923: encode newlines in headers and verify headers are sound...
CLSA-2026-1772146785 httpd: Fix of CVE-2024-42516
CVE-2024-42516: fix HTTP response splitting by reordering header validation to occur after full response header assembly...
CLSA-2026-1772101499 httpd: Fix of CVE-2024-42516
CVE-2024-42516: fix HTTP response splitting by reordering header validation to occur after full response header assembly...
CLSA-2026-1772101256 httpd: Fix of CVE-2024-42516
CVE-2024-42516: fix HTTP response splitting by reordering header validation to occur after full response header assembly...
Server-side Request Forgery (SSRF)
Overview @angular/build is an Official build system for Angular Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the request handling pipeline due to improper validation of user-controlled HTTP headers such as Host and X-Forwarded-. An attacker can redirect...
Server-side Request Forgery (SSRF)
Overview @angular/ssr is a the Angular server side rendering utilities. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the request handling pipeline due to improper validation of user-controlled HTTP headers such as Host and X-Forwarded-. An attacker can...
Server-side Request Forgery (SSRF)
Overview @angular-devkit/build-angular is an Angular Webpack Build Facade Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the request handling pipeline due to improper validation of user-controlled HTTP headers such as Host and X-Forwarded-. An attacker ca...
PT-2026-21966
Name of the Vulnerable Software and Affected Versions Angular SSR versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 Description Angular SSR, a server-side rendering tool for Angular applications, contains a Server-Side Request Forgery SSRF issue in its request handling pipeline. The...
CVE-2025-68930
Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain a Cross-Site WebSocket Hijacking CSWSH vulnerability in the /api/socket endpoint. The application fails to validate the Origin header during the WebSocket handshake. This allows a remote attacker to bypass...
📄 Samsung QuramDNG Type Confusion Detector Vulnerability Scanner
This C++ scanner analyzes DNG Digital Negative files for the CVE-2025-58478 type confusion vulnerability in the libimagecodec.quram.so library used on Samsung devices...
Apache Tomcat 输入验证错误漏洞
Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Page JSP technologies. Vulnerabilities exist in versions of Apache Tomcat from 11.0.0-M1 to 11.0.14, from 10.1.0-M1 to 10.1.49, from 9.0.0-M1 to 9.0.11...
Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2025-39787)
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdtloader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessary the case for other clients. Validate the size of the...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2026-1536: Always validate the headers value when coming from untrusted source to avoid HTTP header injection. bsc1257440 CVE-2026-1761: Check length of bytes read in soupfilterinputstreamreaduntil to avoid a stack-based buffer overflow...
php: Stream HTTP wrapper header check might omit basic auth header
A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...
CVE-2025-66596
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites. The affected products and versions are as follows:...
Server-side Request Forgery (SSRF)
Overview langsmith is a Client library to connect to the LangSmith Observability and Evaluation Platform. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the improper validation of apiurl and apikey fields in baggage headers in RunTree.fromheaders and...
CVE-2025-66596
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites. The affected products and versions are as follows:...
CVE-2025-66596
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites. The affected products and versions are as follows:...
Yokogawa FAST/TOOLS 安全漏洞
Yokogawa FAST/TOOLS is a real-time operation management and visualization software developed by Yokogawa Electric Corporation. There are security vulnerabilities in the Yokogawa FAST/TOOLS R9.01 to R10.04 versions. These vulnerabilities stem from improper validation of request headers, which may...
PT-2026-7061
Name of the Vulnerable Software and Affected Versions FAST/TOOLS versions R9.01 through R10.04 Description The software does not properly validate request headers. An attacker inserting an invalid host header could redirect users to malicious sites. The vulnerable component is susceptible to host...