PT-2025-44791
Name of the Vulnerable Software and Affected Versions: lighttpd version 1.4.80. Description: The software improperly merges trailer fields into headers following HTTP request parsing, which can be leveraged to carry out HTTP Header Smuggling attacks. Successful exploitation could allow an attacker t...
AZL-69254 CVE-2025-58186 affecting package golang 1.26.0-1
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...
Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4j2-BugMaker CVE-2021-44228 Log4Shell Vulnerability Dem...
CVE-2025-12346 MaxSite CMS HTTP Header uploads-require-maxsite.php unrestricted upload
A vulnerability was detected in MaxSite CMS up to 109. This vulnerability affects unknown code of the file application/maxsite/admin/plugins/autopost/uploads-require-maxsite.php of the component HTTP Header Handler. Performing manipulation of the argument X-Requested-FileName/X-Requested-FileUpDi...
CVE-2025-12346
MaxSite CMS
CVE-2025-59151
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable to Carriage Return Line Feed CRLF injection. When a request is made to a file ending with the .lp extension, t...
CVE-2025-59151
Pi-hole Admin Interface prior to 6.3 is vulnerable to CRLF injection via redirects on requests for files ending with .lp, allowing an attacker to inject arbitrary HTTP response headers and potentially affect session fixation, cache poisoning, and weakening of CSP or X-XSS-Protection. Root cause: ...
CVE-2025-59151 Pi-hole Admin Interface vulnerable to HTTP response header injection via CRLF injection
CVE-2025-12365 Error Messages Wrapped In HTTP Header
Error Messages Wrapped In HTTP Header. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Security Vulnerability
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 have an information disclosure vulnerability that is caused by an error message...
PT-2025-44006
CVE-2025-55085
In NetX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior...
EUVD-2025-34883
In NetX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior...
EUVD-2025-34664
Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart. This vulnerability is due to a lack of complete error checking when the MIME fields of the HTTP header are...
CVE-2025-20359
Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the disclosure of possible sensitive data or cause the Snort 3 Detection Engine to crash. This vulnerability is due to an error in the logic of buffer...
CVE-2025-20360
Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart. This vulnerability is due to a lack of complete error checking when the MIME fields of the HTTP header are...
CVE-2025-20360 Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerability
PT-2025-42382
Name of the Vulnerable Software and Affected Versions: Cisco Snort 3, affected versions not specified. Description: A flaw exists in the Snort 3 HTTP Decoder that may allow a remote, unauthenticated attacker to disrupt service. The issue stems from insufficient error checking during the parsing of HT...
CVE-2025-52647
The BigFix WebUI application responds with HOST information taken from the HTTP header field, making it vulnerable to Host Header Poisoning attacks...