5905 matches found
CVE-2025-3462
"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests. Refer to the 'Security Update for ASUS...
CVE-2025-3462
ASUS DriverHub (pre‑1.0.6.0) contains an insufficient validation/origin-check vulnerability in HTTP handling that can let untrusted sources interact with driver features; some reports describe potential remote code execution via crafted HTTP requests and manipulated AsusSetup.ini during silent in...
USN-7503-1: h11 vulnerability
Jeppe Bonde Weikop discovered that h11 incorrectly handled crafted HTTP requests. A remote attacker could possibly use this issue to smuggle malicious HTTP requests, which could potentially lead to security control bypass and information leakage...
USN-7503-1 python-h11 vulnerability
Jeppe Bonde Weikop discovered that h11 incorrectly handled crafted HTTP requests. A remote attacker could possibly use this issue to smuggle malicious HTTP requests, which could potentially lead to security control bypass and information leakage...
BIT-KIBANA-2025-25014 Kibana arbitrary code execution via prototype pollution
A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints...
BIT-ELK-2025-25014 Kibana arbitrary code execution via prototype pollution
A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints...
CVE-2025-20223
A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device. This vulnerability is due to insufficient enforcement of access control on HTTP...
CVE-2025-20196
A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service (DoS) condition. This...
CVE-2025-20196
A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service (DoS) condition. This...
CVE-2025-20196
CVE-2025-20196 affects the Cisco IOx application hosting environment within Cisco IOS Software and Cisco IOS XE Software. The issue arises from improper handling of HTTP requests, allowing unauthenticated, remote attackers to cause the IOx environment to stop responding (DoS); the environment mus...
CVE-2025-20196
A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service (DoS) condition. This...
CVE-2025-20223
The CVE-2025-20223 entry concerns Cisco Catalyst Center (formerly Cisco DNA Center). Affected component: internal service repository accessed via HTTP. Root cause: insufficient enforcement of access control on HTTP requests, enabling an authenticated, remote attacker to read and modify data handl...
Cisco IOx Application Hosting Environment Denial of Service Vulnerability
A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service (DoS) condition. This...
Cisco Catalyst Center Insufficient Access Control Vulnerability
A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device. This vulnerability is due to insufficient enforcement of access control on HTTP...
PT-2025-20268 · Cisco · Cisco IOS XE +2
Name of the Vulnerable Software and Affected Versions: Cisco IOS Software and Cisco IOS XE Software (affected versions not specified). Description: A vulnerability in the Cisco IOx application hosting environment could allow an unauthenticated, remote attacker to cause the environment to stop...
Radware Cloud Web Application Firewall Vulnerable to Filter Bypass
Overview: The Radware Cloud Web Application Firewall is vulnerable to filter bypass by multiple means. The first is via a specially crafted HTTP request and the second is insufficient validation of user-supplied input when processing a special character. An attacker with knowledge of these...
CVE-2025-25014
A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints...
CVE-2025-25014 Kibana arbitrary code execution via prototype pollution
A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints...
CVE-2025-25014 Kibana arbitrary code execution via prototype pollution
A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints...
CVE-2025-25014
KIBANA: CVE-2025-25014 is a prototype-pollution vulnerability in Kibana that enables arbitrary code execution via crafted HTTP requests to the Machine Learning or Reporting endpoints. Public details indicate exploitation is possible remotely over the network with low complexity and requires high ...