Lucene search
+L

245 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:14 a.m.10 views

CVE-2024-28894

Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 headers exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted packet...

5.3CVSS6.9AI score0.00539EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:41 a.m.7 views

CVE-2023-0040

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

7.5CVSS7.1AI score0.00549EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:18 a.m.10 views

CVE-2022-4550

The User Activity WordPress plugin through 1.0.1 checks headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing...

7.5CVSS6.7AI score0.00658EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:54 p.m.11 views

CVE-2021-35503

Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs...

6.1CVSS5.7AI score0.00712EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:37 p.m.7 views

CVE-2021-32813

Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation,...

8.1CVSS6.8AI score0.011EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:40 p.m.9 views

CVE-2020-1944

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Upgrade to versions 7.1.9 and 8.0.6 or later versions...

9.8CVSS6.7AI score0.02667EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:8 a.m.7 views

CVE-2019-14457

VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header...

9.8CVSS7.7AI score0.02649EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:5 a.m.7 views

CVE-2019-13169

Some Xerox printers such as the Phaser 3320 V53.006.16.000 were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device...

10CVSS8.3AI score0.02694EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:58 a.m.7 views

CVE-2019-12131

An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USERID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected...

9.1CVSS7.1AI score0.01184EPSS
Exploits1References1
Hacker One
Hacker One
added 2025/05/22 1:15 a.m.628 views

curl: Memory Leak in libcurl via Location Header Handling (CWE-770)

Summary: This report details a memory leak vulnerability in libcurl that occurs when processing HTTP 3xx redirect responses containing a Location: header. Specifically, the memory allocated for the Location: header's value is not properly deallocated when the Curleasy handle is reused for...

7.1AI score
Exploits0
Debian CVE
Debian CVE
added 2025/05/19 1:25 a.m.22 views

CVE-2025-23167

A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by...

6.5CVSS6.8AI score0.00466EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2025/05/13 2:0 p.m.4 views

php: Streams HTTP wrapper does not fail for headers with invalid name and no colon

A flaw was found in PHP. This vulnerability allows applications to accept invalid headers via malformed HTTP headers missing a colon :, which may confuse applications into processing them as valid headers...

6.3CVSS5.7AI score0.00481EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/05/07 7:4 a.m.4 views

libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value

A use-after-free type vulnerability was found in libsoup, in the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...

9CVSS7.3AI score0.0091EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/05/06 7:0 a.m.8 views

CVE-2025-4328 fp2952 spring-cloud-base HTTP Header MvcController.java sendBack redirect

A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file...

5.1CVSS4.1AI score0.00268EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/04/18 12:0 a.m.5 views

IBM i 安全漏洞

IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. IBM i suffers from a Content Neutralization Malpractice vulnerability that originates from a HTTP header Content Neutralization Malpractice, which can be exploited by a...

5.4CVSS6.7AI score0.00271EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/30 5:43 a.m.21 views

CVE-2025-1734 Streams HTTP wrapper does not fail for headers with invalid name and no colon

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when receiving headers from HTTP server, the headers missing a colon : are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers...

6.3CVSS0.00481EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/27 4:0 a.m.23 views

CVE-2025-2833 zhangyd-c OneBlog HTTP Header redos

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch th...

6.9CVSS0.00672EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/03/07 4:47 p.m.24 views

CVE-2023-35894 IBM Control Center HOST header injection

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

5.4CVSS0.0022EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/02/21 10:14 p.m.11 views

Leantime has Host Header Injection Vulnerability

Summary A host header injection vulnerability has been identified in the user details viewing functionality of the system. This vulnerability allows an attacker to manipulate the host header in HTTP requests, thereby gaining unauthorized access to view details of other users...

7.2AI score
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/02/17 12:0 a.m.12 views

The vulnerability of the Header MVC framework for developing web systems and applications in CodeIgniter allows a attacker to trigger a service failure.

The vulnerability of the Header MVC framework used for developing web systems and applications in CodeIgniter relates to conflicts in interpretation when processing HTTP headers’ names and values. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

5.3CVSS5.4AI score0.00477EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder