CVE-2024-34711 GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)
GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform an XML External Entity (XXE) attack and then send a GET request to any HTTP server. By default, GeoServer use...
Path traversal vulnerability in functional web frameworks (CVE-2024-38819)
Spring Framework is vulnerable to a path traversal issue due to a lack of sufficient sanitization of path sequences processed by the WebMvc.fn or WebFlux.fn functional web frameworks. A remote attacker could submit crafted HTTP requests to an application that serves static resources through the...
CVE-2025-20129
A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform CCP, formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent...
PT-2025-23817 · Cisco · Cisco Customer Collaboration Platform
Name of the Vulnerable Software and Affected Versions: Cisco Customer Collaboration Platform CCP (versions not specified). Description: A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform CCP could allow an unauthenticated, remote attacker to persuade users to...
ASUS DriverHub < 1.0.6.0 Multiple Vulnerabilities
ASUS DriverHub, a driver management tool, installed on the remote host is a version prior to 1.0.6.0 and, therefore, is affected by multiple vulnerabilities: - An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP...
varnish: request smuggling attacks
A vulnerability was found in Varnish Cache. This vulnerability may allow request smuggling attacks, where a malicious actor can craft seemingly legitimate HTTP requests. This issue could result in an unspecified system caching incorrect content that can expose confidential information...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : libsoup vulnerabilities (USN-7543-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7543-1 advisory. Jan Raski discovered that libsoup incorrectly handled certain headers when sending HTTP/2...
BIT-VARNISH-2025-47905
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries...
Exploit for CVE-2025-25014
PoC for CVE-2025-25014: A prototype pollution vulnerability in...
OESA-2025-1556 varnish security update
This is Varnish Cache, a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x,...
CVE-2024-47854
An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user...
CVE-2024-21753
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows an attacker to perform a denial of service, read or...
CVE-2024-23662
An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows an attacker to disclose information via HTTP requests...
CVE-2024-1884
This is a Server-Side Request Forgery SSRF vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing...
CVE-2024-23667
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows an attacker to execute unauthorized code or commands via HTTP requests or CLI...
CVE-2024-31491
A client-side enforcement of server-side security vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4 and FortiSandbox 4.2.1 through 4.2.6 allows an attacker to execute unauthorized code or commands via HTTP requests...
CVE-2024-32117
An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-22 in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a...
CVE-2024-31490
An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2.2 through 3.2.4, FortiSandbox 3.1.5 allows an attacker to disclose information via HTTP GET...
CVE-2024-35538
Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as the value of the X-Forwarded-For or Client-Ip headers while performing HTTP requests...