734 matches found
CVE-2024-7819
A CVE-2024-7819 entry concerns danswer-ai/danswer v1.4.1. The vulnerability is a CORS misconfiguration caused by improper validation of the origin header, enabling malicious web pages to issue unauthorized requests to the application's API and potentially disclose sensitive data (e.g., chat conte...
CLSA-2025-1742319123 java-11-openjdk: Fix of 11 CVEs
Upgrade to openjdk-11.0.26+4. The following CVEs were fixed: - CVE-2024-21131: potential UTF8 size overflow - CVE-2024-21138: excessive symbol length can lead to infinite loop - CVE-2024-21140: range Check Elimination RCE pre-loop limit overflow - CVE-2024-21144: Pack200 increase loading time due...
SUSE CVE-2025-1736
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted...
Linux Distros Unpatched Vulnerability : CVE-2024-35973
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve6xmitskb syzbot is able to trigger an uninit-value in...
openSUSE 15 Security Update : phpMyAdmin (openSUSE-SU-2025:0081-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:0081-1 advisory. Update to version 5.2.2: - CVE-2025-24530: XSS in the 'Check Tables' feature bsc1236312. - CVE-2025-24529: XSS in the 'Insert' tab bsc1236311. -...
OPENSUSE-SU-2025:0081-1 Security update for phpMyAdmin
This update for phpMyAdmin fixes the following issues: Update to version 5.2.2: - CVE-2025-24530: XSS in the 'Check Tables' feature bsc1236312. - CVE-2025-24529: XSS in the 'Insert' tab bsc1236311. - CVE-2024-2961: glibc/iconv: out-of-bounds writes when writing escape sequences bsc1222992. -...
CVE-2024-37359
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. CWE-918 Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 an...
CVE-2024-37359
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. CWE-918 Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0...
CVE-2024-37359
Hitachi Vantara Pentaho Business Analytics Server is affected by a server-side request forgery issue due to not validating the Host header of incoming HTTP/HTTPS requests. Affected versions include Pentaho Server prior to 10.2.0.0 and 9.3.0.9, including 8.3.x. The issue allows an attacker to prov...
CVE-2024-37359 Hitachi Vantara Pentaho Business Analytics Server – Server Side Request Forgery
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. CWE-918 Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0...
WatchGuard Fireware OS 安全漏洞
WatchGuard Fireware OS is a software from WatchGuard USA that runs on Firebox. A security vulnerability exists in WatchGuard Fireware OS versions 12.0 through 12.11, which stems from improper validation of the HTTP Host header and could lead to cache poisoning or malicious redirection...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the X-Islandora-Args header. An attacker can execute arbitrary code on the server by sending a crafted request containing malicious inp...
Exploit for Improper Control of Dynamically-Managed Code Resources in Lightningai Pytorch_Lightning
CVE-2024-5452 01. RCE 와 pytorch-lightning 개요 - 1 RCE 와...
CVE-2024-55926
A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data...
PT-2025-3153 · Xerox · Xerox Workplace Suite
Name of the Vulnerable Software and Affected Versions: Xerox Workplace Suite versions prior to 5.6.701.9 Description: The issue involves an API security bypass through header manipulation. In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the "Host"...
Interpretation Conflict
Overview codeigniter4/framework is a PHP full-stack web framework that is light, fast, flexible, and secure. Affected versions of this package are vulnerable to Interpretation Conflict due to a lack of validations of the header name and value. Workaround Users who are unable to upgrade to the fix...
Missing validation of header name and value in codeigniter4/framework
Impact Lack of proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or generating invalid HTTP requests. In some cases, these malformed...
GHSA-X5MQ-JJR3-VMX6 Missing validation of header name and value in codeigniter4/framework
Impact Lack of proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or generating invalid HTTP requests. In some cases, these malformed...
CVE-2025-24013
CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or...
CVE-2025-24013 CodeIgniter validation of header name and value
CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or...