Lucene search

11 matches found

RedHat Linux
added 2026/05/19 6:30 p.m. | 8 views

python: Python: HTTP header injection via CR/LF in proxy tunnel headers

A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...

CVSS: 5.7 | AI score: 7.2 | EPSS: 0.00024
Exploits: 0 | References: 8

RedHat Linux
added 2026/04/27 3:6 p.m. | 3 views

python: Python: HTTP header injection via CR/LF in proxy tunnel headers

A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...

CVSS: 5.7 | AI score: 5.3 | EPSS: 0.00024
Exploits: 0 | References: 8

CNNVD
added 2026/03/30 12:0 a.m. | 2 views

Paradigma Valentina Studio security vulnerability

Paradigma Valentina Studio is a powerful general-purpose database management and data modeling tool developed by Paradigma Corporation. Version 9.0.4 of Paradigma Valentina Studio contains a security vulnerability. This vulnerability stems from a denial-of-service vulnerability in the host fields...

CVSS: 6.9 | AI score: 5.8 | EPSS: 0.00017
Exploits: 1 | References: 4

ATTACKERKB
added 2026/02/12 10:48 p.m. | 1 views

CVE-2019-25327

Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the PrimeNet user ID and proxy host fields to trigger a bind shell on port 3110...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.00263
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2025/10/30 9:38 a.m. | 3 views

Stored Cross-Site Scripting (XSS)

Liferay Portal is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper input validation in the Instance Configuration’s CDN Host HTTP and CDN Host HTTPS text fields, which allows an authenticated instance administrator to inject arbitrary web scripts or HTML into al...

CVSS: 4.8 | AI score: 5.5 | EPSS: 0.00041
Exploits: 0 | References: 3 | Affected Software: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-29168

Malicious code in bioql PyPI...

CVSS: 4.6 | AI score: 6.4 | EPSS: 0.00041
Exploits: 0 | References: 3

RedhatCVE
added 2025/09/17 11:36 a.m. | 1 views

CVE-2025-43794

Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote authenticated attackers...

CVSS: 4.6 | AI score: 5.4 | EPSS: 0.00041
Exploits: 0 | References: 1

Github Security Blog
added 2025/09/15 12:31 p.m. | 4 views

Liferay Portal has stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote authenticated attacke...

CVSS: 4.8 | AI score: 5.3 | EPSS: 0.00041
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2025/09/15 12:31 p.m. | 1 views

GHSA-R45V-2289-JGR4 Liferay Portal has stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote authenticated attacke...

CVSS: 4.6 | AI score: 5.2 | EPSS: 0.00041
Exploits: 0 | References: 3

CVE
added 2025/09/15 11:17 a.m. | 8 views

CVE-2025-43794

Affected products/versions: Liferay Portal 7.4.0–7.4.3.111 and older unsupported releases; Liferay DXP 2023.Q3.1–2023.Q3.4, 2023.Q4.0, 7.4 GA–update 92, 7.3 GA–update 35. Vulnerability: Stored cross-site scripting (XSS) via the Instance Configuration’s (1) CDN Host HTTP field or (2) CDN Host HTTP...

CVSS: 4.8 | AI score: 5 | EPSS: 0.00041
Exploits: 0 | References: 1 | Affected Software: 2

Vulnrichment
added 2025/09/15 11:17 a.m. | 1 views

CVE-2025-43794

Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote authenticated attackers...

CVSS: 4.6 | AI score: 5 | EPSS: 0.00041
Exploits: 0 | References: 1