CVE-2025-27726
An improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file download process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered by a...
CVE-2025-1736 Stream HTTP wrapper header check might omit basic auth header
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, and from 8.4.* before 8.4.5, when user-supplied headers are sent, insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers being misinterpreted...
CVE-2025-2825
CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability in the S3 authorization header processing that allows authentication bypass. Remote and unauthenticated HTTP requests to CrushFTP with known usernames can be used to impersonate a user and conduct...
CVE-2025-27726
The CVE-2025-27726 entry describes a path traversal in the USB storage file-sharing function of the HGW-BL1500HM router (versions 002.002.003 and earlier). The underlying issue allows a crafted HTTP request from a LAN-connected device to obtain and/or alter the product’s files. Affected component...
CVE-2025-27716
CVE-2025-27716 affects HGW-BL1500HM (Ver 002.002.003 and earlier) and is a path traversal vulnerability in the USB storage file-sharing function. The issue arises in the file/folder listing path handling, allowing a crafted HTTP request from a LAN-connected device to obtain and/or alter product f...
Azure Linux 3.0 Security Update: python-twisted (CVE-2023-46137)
The version of python-twisted installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-46137 advisory. - Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when...
CVE-2025-2825 CrushFTP HTTP Unauthenticated Access
CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability in the S3 authorization header processing that allows authentication bypass. Remote and unauthenticated HTTP requests to CrushFTP with known usernames can be used to impersonate a user and conduct...
CVE-2025-2825
CVE-2025-2825 is tied to a CrushFTP authentication bypass vulnerability. Affected products: CrushFTP Server versions 10.x before 10.8.4 and 11.x before 11.3.1. Exploitation could allow account takeover due to bypassed authorization in the login/auth flow. Remediation (if the record applies): upgr...
Denial Of Service (DoS)
litellm is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of multipart boundaries, allowing an attacker to append characters to HTTP requests, leading to excessive resource consumption and service unavailability...
Silicon Gecko OS Security Vulnerability
Silicon Gecko OS is a highly optimized and feature-rich IoT operating system from Silicon. A security vulnerability exists in Silicon Gecko OS that stems from a stack buffer overflow in HTTP request processing that could lead to remote code execution...
BIT-VARNISH-2025-30346
Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...
A vulnerability in the check_dws_cookie() function of the D-Link DAP-1620 wireless repeater firmware allows an attacker to execute arbitrary code or cause a denial of service.
The vulnerability in the check_dws_cookie function of the D-Link DAP-1620 wireless repeater firmware is a buffer overflow: the function writes beyond the bounds of a buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code or cause a service failu...
A vulnerability in the set_ws_action() function of the D-Link DAP-1620 wireless repeater firmware allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability in the set_ws_action function of the D-Link DAP-1620 wireless repeater firmware is a buffer overflow: the function writes beyond the bounds of a buffer in memory. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and...
CVE-2025-30346
Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...
CVE-2025-30346
Varnish Cache and Varnish Enterprise are affected by CVE-2025-30346: an HTTP/1 client-side desync vulnerability that can be triggered by malformed HTTP/1 requests. Affected versions are Varnish Cache prior to 7.6.2 and Varnish Enterprise prior to 6.0.13r10. The vulnerability description in connect...