734 matches found
CVE-2025-53007 arduino-esp32 vulnerable to CRLF injection in WebServer.cpp
arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain a HTTP Response Splitting vulnerability. The sendHeader function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP header line, and appends this to the outgoi...
Cross-site WebSocket Hijacking
webpack-dev-server is vulnerable to Cross-site WebSocket hijacking. The vulnerability is due to improper Origin header validation, which permits IP address origins, allows attackers to hijack WebSocket connections and steal source code via malicious websites...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' due to the improper validation of X-Forwarded-For and Forwarded headers forwarded from untrusted proxies. An attacker can manipulate the server's behavior by sending crafted headers fro...
CVE-2025-24013
CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or...
CVE-2023-2848
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...
CVE-2023-7080
The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary cod...
CVE-2022-20688
A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause Cisco Discovery Protocol service to restart. This vulnerability is due ...
CVE-2022-22757
Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.. This vulnerability affect...
DEBIAN-CVE-2025-3887
GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...
php: Stream HTTP wrapper header check might omit basic auth header
A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...
php: Stream HTTP wrapper header check might omit basic auth header
A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...
[SECURITY] [DLA 4151-1] golang-github-gorilla-csrf security update
-------------------------------------------------------------------------- Debian LTS Advisory DLA-4151-1 [email protected] https://www.debian.org/lts/security/ Andrej Shadura May 01, 2025 https://wiki.debian.org/LTS -...
php: Stream HTTP wrapper header check might omit basic auth header
A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...
Validation Bypass
Fastify is vulnerable to validation bypass. The vulnerability is due to improper normalization and matching of the Content-Type header, allowing attackers to evade validation by altering casing or whitespace...
CLSA-2025-1744782851 php: Fix of CVE-2025-1736
CVE-2025-1736: add checking of http user header crlf...
CVE-2022-43847
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...
BIT-PHP-MIN-2025-1736 Stream HTTP wrapper header check might omit basic auth header
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted...
PYSEC-2025-171
A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD3Importer::ValidateSurfaceHeaderOffsets of the file code/AssetLib/MD3/MD3Loader.cpp of the component File Handler. The manipulation leads to heap-based buffer...
IBM Aspera Console 安全漏洞
IBM Aspera Console is a Web-based application from International Business Machines IBM, Inc. Allows users to centrally manage, monitor and control Aspera servers nodes and transports. A security vulnerability exists in IBM Aspera Console 3.4.4 and prior versions, which stems from improper...
libsoup 安全漏洞
libsoup is a GNOME HTTP client/server library from the GNOME Project. A security vulnerability exists in libsoup that stems from an HTTP/2 server that does not fully validate pseudo header values, which could lead to a denial of service...