
5905 matches found

Cvelist
added 2025/05/13 2:46 p.m. · 36 views

CVE-2025-32756

A stack-based buffer overflow vulnerability (CWE-121) in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8,...

CVSS 9.8 · EPSS 0.31419
Exploits 3 · References 1

Amazon
added 2025/05/13 12:00 a.m. · 4 views

Important: libsoup

Issue Overview: A flaw was found in libsoup, where the soup_headers_parse_request function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server. CVE-2025-32906 A flaw was found in libsoup. The implementation of...

CVSS 9 · AI score 7.9 · EPSS 0.00798
Exploits 0

Cvelist
added 2025/05/13 12:00 a.m. · 13 views

CVE-2025-47905

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries...

CVSS 5.4 · EPSS 0.003
Exploits 0 · References 1

Positive Technologies
added 2025/05/13 12:00 a.m. · 4 views

PT-2025-21129 · Varnish +4 · Varnish Enterprise +5

Name of the Vulnerable Software and Affected Versions: Varnish Cache versions 7.6.3 and earlier, 7.7.0 Varnish Enterprise versions 6.0.13r13 and earlier Description: The issue allows client-side desync via HTTP/1 requests. This occurs because the product incorrectly permits CRLF to be skipped to...

CVSS 5.4 · AI score 5.7 · EPSS 0.003
Exploits 0 · References 44

Vulnrichment
added 2025/05/13 12:00 a.m. · 10 views

CVE-2025-47905

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries...

CVSS 5.4 · AI score 5.5 · EPSS 0.003
Exploits 0 · References 1

Tenable Nessus
added 2025/05/13 12:00 a.m. · 1 view

FreeBSD : www/varnish7 -- Request Smuggling Attack (89c668d5-2f80-11f0-9632-641c67a117d8)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 89c668d5-2f80-11f0-9632-641c67a117d8 advisory. The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish...

AI score 5.7
Exploits 0 · References 2

CVE
added 2025/05/13 12:00 a.m. · 235 views

CVE-2025-47905

CVE-2025-47905 affects Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14. The issue enables client-side desynchronization via HTTP/1 requests because CRLF can be skipped to delimit chunk boundaries. This description comes from the CVE entry and correlated ad...

CVSS 5.4 · AI score 7 · EPSS 0.003
Exploits 0 · References 3

ATTACKERKB
added 2025/05/13 12:00 a.m. · 23 views

CVE-2025-32756

A stack-based buffer overflow vulnerability (CWE-121) in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8,...

CVSS 9.8 · AI score 10 · EPSS 0.31419
In wild · Exploits 3 · References 3

Debian CVE
added 2025/05/13 12:00 a.m. · 12 views

CVE-2025-47905

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries...

CVSS 5.4 · AI score 5.9 · EPSS 0.003
Exploits 0

BDU FSTEC
added 2025/05/12 12:00 a.m. · 4 views

The vulnerability of the Certificates and Keys module of the Device Admin App for the ctrlX OS operating system allows a perpetrator to write arbitrary files.

The vulnerability of the Certificates and Keys module in the Device Admin app of the ctrlX OS operating system is related to an incorrect limitation on the path name to the directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files by sending specially crafted HTTP...

CVSS 7.5 · AI score 5.6 · EPSS 0.003
Exploits 0 · References 3 · Affected Software 1

FreeBSD
added 2025/05/12 12:00 a.m. · 10 views

www/varnish7 -- Request Smuggling Attack

The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish Cache and Varnish Enterprise. This vulnerability can be triggered under specific circumstances involving malformed HTTP/1 requests. An attacker can abuse a flaw in Varnish's handling of chunked...

AI score 7.1
Exploits 0 · References 1

RedhatCVE
added 2025/05/11 6:18 a.m. · 13 views

CVE-2025-3462

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests. Refer to the 'Security Update for ASUS...

CVSS 8.4 · AI score 6.9 · EPSS 0.00486
Exploits 0 · References 1

RedhatCVE
added 2025/05/11 6:18 a.m. · 9 views

CVE-2025-3463

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub'...

CVSS 9.4 · AI score 6.9 · EPSS 0.00815
Exploits 0 · References 1

GithubExploit
added 2025/05/10 11:29 a.m. · 81 views

CVE

It is an offensive tool for Linux. This repository appears to be...

AI score 8.2
Exploits 0

RedhatCVE
added 2025/05/09 6:08 p.m. · 5 views

CVE-2025-20223

A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device. This vulnerability is due to insufficient enforcement of access control on HTTP...

CVSS 4.7 · AI score 6.8 · EPSS 0.00244
Exploits 0 · References 1

NVD
added 2025/05/09 6:15 a.m. · 9 views

CVE-2025-3463

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub'...

CVSS 9.4 · EPSS 0.00815
Exploits 0 · References 2

NVD
added 2025/05/09 6:15 a.m. · 9 views

CVE-2025-3462

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests. Refer to the 'Security Update for ASUS...

CVSS 8.4 · EPSS 0.00486
Exploits 0 · References 2

CVE
added 2025/05/09 5:37 a.m. · 88 views

CVE-2025-3463

CVE-2025-3463 concerns ASUS DriverHub, a driver-management tool. The issue is an insufficient validation in handling HTTP requests (and related certificate handling in some reports) that could allow an untrusted source to influence driver updates or software behavior, potentially enabling remote ...

CVSS 9.4 · AI score 6.9 · EPSS 0.00815
Exploits 0 · References 2

Cvelist
added 2025/05/09 5:37 a.m. · 15 views

CVE-2025-3463

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub'...

CVSS 9.4 · EPSS 0.00815
Exploits 0 · References 1

Vulnrichment
added 2025/05/09 5:37 a.m. · 9 views

CVE-2025-3463

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub'...

CVSS 9.4 · AI score 6.9 · EPSS 0.00815
Exploits 0 · References 1