PT-2025-51296

Name of the Vulnerable Software and Affected Versions Member Login Script version 3.3 Description The software contains a client-side desynchronization issue related to how HTTP requests are handled. Specifically, the vulnerability stems from the parsing of the Content-Length header. An attacker...

CVE-2025-67725

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...

Tornado 安全漏洞

Tornado is a Python web framework and asynchronous networking library from the Chinese Tornado Technology Tornado community. The library scales to thousands of open connections through the use of non-blocking network I/O, making it well suited for long-time polling, WebSockets, and other...

Linux Distros Unpatched Vulnerability : CVE-2025-66577

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to...

CVE-2025-66570

cpp-httplib is affected by CVE-2025-66570 through headers handling in httplib.h prior to 0.27.0. Attacker-controlled HTTP headers named REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT can be parsed into the request header multimap by read_headers(), then reused by Server::process_request, potent...

RockyLinux 8 : container-tools:rhel8 (RLSA-2023:2758)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2758 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions CVE-2022-196...

CVE-2025-62691

Security Point Windows of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with SYSTEM privilege...

CVE-2025-62691

Security Point Windows of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with SYSTEM privilege...

CVE-2025-62691

Security Point Windows of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with SYSTEM privilege...

CVE-2025-62691

Affected software : Security Point (Windows) of MaLion and MaLionCloud. Vulnerability : stack-based buffer overflow while processing HTTP headers, enabling a remote unauthenticated attacker to execute arbitrary code with SYSTEM privileges. Impact : arbitrary code execution with SYSTEM rights on v...

CVE-2025-13434 jameschz Hush Framework HTTP Host Header Util.php http headers for scripting syntax

A weakness has been identified in jameschz Hush Framework 2.0. The impacted element is an unknown function of the file Hush\hush-lib\hush\Util.php of the component HTTP Host Header Handler. This manipulation of the argument $SERVER'HOST' causes improper neutralization of http headers for scriptin...

TencentOS Server 3: libsoup (TSSA-2024:0904)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0904 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 4: nodejs20 (TSSA-2025:0415)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0415 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 4: libsoup3 (TSSA-2025:0587)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0587 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics Advanced Certified Containers

Summary Multiple vulnerabilities were addressed in IBM Planning Analytics Advanced Certified Containers 3.1.2. Vulnerability Details CVEID:CVE-2025-23166 DESCRIPTION: The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a...

CVE-2024-47866 RGW DoS attack with empty HTTP header in S3 object copy

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...

Linux Distros Unpatched Vulnerability : CVE-2025-60876

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request- target path/query, allowing the request line to be split an...

HTTP Header Injection

Overview Affected versions of this package are vulnerable to HTTP Header Injection via the processing of HTTP headers containing underscores, which are normalized to dashes by certain upstream applications. Authenticated users can escalate privileges by injecting specially crafted XForwarded-...

DEBIAN-CVE-2025-60876

BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...

CVE-2025-60876

CVE-2025-60876 affects BusyBox wget up to 1.3.7. The issue stems from accepting raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target, allowing the request-line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape, a raw s...