5905 matches found
CVE-2025-50128
Cisco Talos reports a cross-site scripting (XSS) vulnerability in WWBN AVideo 14.4 and the dev master commit 8a8954ff, affecting the videoNotFound.php 404ErrorMsg parameter. A specially crafted HTTP request can cause arbitrary JavaScript execution when a user visits a crafted page, enabling poten...
PT-2025-30672 · WWBN · AVideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 14.4 and dev master commit 8a8954ff Description: A race condition exists in the aVideoEncoder.json.php unzip functionality. A series of specially crafted HTTP requests can lead to arbitrary code execution. Recommendations...
Fortinet FortiWeb SQL Injection Vulnerability
Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests...
USN-7643-1: libsoup vulnerabilities
Jan Różański discovered that libsoup incorrectly handled range headers in an HTTP request. An attacker could possibly use this issue to cause libsoup to consume excessive memory, resulting in a denial of service. CVE-2025-32907 Alon Zahavi discovered that libsoup incorrectly handled memory when...
CVE-2025-20288
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP...
CVE-2025-20288 Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP...
[SECURITY] Fedora 41 Update: python-requests-2.32.4-1.fc41
Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Python’s built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy for developers...
[SECURITY] Fedora 42 Update: python-requests-2.32.4-1.fc42
Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Python’s built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy for developers...
Vulnerability fixed in FortiWeb
Fortinet has fixed a vulnerability in FortiWeb. The vulnerability allows unauthenticated attackers to execute unauthorized SQL commands by sending specially crafted HTTP requests. This could compromise the integrity and confidentiality of data managed by FortiWeb. For successful misuse, the...
VulnCheck KEV: CVE-2025-25257
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability (CWE-89) in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execu...
Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery
Vulnerability Details: Affected Vendor: Schneider Electric; Affected Product: EcoStruxure IT Data Center Expert; Affected Version: 8.3 and prior; Platform: CentOS; CWE Classification: CWE-918: Server-Side Request Forgery (SSRF); CVE ID: CVE-2025-50125. 2. Vulnerability Description: The Data Center Expert...
CVE-2024-56468
CVE-2024-56468 affects IBM InfoSphere Data Replication VSAM for z/OS Remote Source, specifically the Log Reader Service in version 11.4. A remote attacker can cause a denial of service by sending an invalid HTTP request to the log reading service. Remediation: IBM fixes (IDR 11.4) via fixcentral ...
PT-2025-28796 · IBM · InfoSphere Data Replication VSAM for z/OS Remote Source
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Data Replication VSAM for z/OS Remote Source version 11.4 Description: IBM InfoSphere Data Replication VSAM for z/OS Remote Source version 11.4 is susceptible to a denial-of-service condition. A remote user can trigger this iss...
CVE-2025-47228
In the Production Environment extension in Netmake ScriptCase through 9.12.006 23, shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests...
ROS-20250703-12
A vulnerability in the Requests HTTP library for the Python programming language arises because the library passes .netrc credentials to third parties for certain malicious URLs. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data...
CVE-2025-40710
Host Header Injection (HHI) vulnerability in the Hotspot Shield VPN client, which can induce unexpected behaviour when accessing third-party web applications through the VPN tunnel. Although such applications do not present this vulnerability per se, the use of the tunnel, together with a forged Ho...
CVE-2025-27022
A path traversal vulnerability in the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download all OS files via HTTP requests. Details: Missing or insufficient validation of user-supplied input allows authenticated users to access all files on the target...
CVE-2025-34051 AVTECH DVR Devices Server-Side Request Forgery
A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgiquery endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests...
CVE-2025-40710 Host Header Injection (HHI) in the Hotspot Shield VPN client
Host Header Injection (HHI) vulnerability in the Hotspot Shield VPN client, which can induce unexpected behaviour when accessing third-party web applications through the VPN tunnel. Although such applications do not present this vulnerability per se, the use of the tunnel, together with a forged Ho...