
2484 matches found

Cvelist
added 2026/02/04 12:0 a.m., 24 views

CVE-2025-71031

Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of service by consuming RAM memory...

0.00478 EPSS
Exploits: 1, References: 2

Cvelist
added 2026/02/03 12:33 p.m., 31 views

CVE-2025-7760 Reflected XSS in Ofisimo's Association Web Package Flora

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HTTP Headers. This issue affects Association Web Package Flora: from v3.0 through 03022026. NOTE: The...

7.6 CVSS, 0.00282 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/02/03 12:33 p.m., 4 views

CVE-2025-7760

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HTTP Headers. This issue affects Association Web Package Flora: from v3.0 through 03022026. NOTE: The...

7.6 CVSS, 5.4 AI score, 0.00282 EPSS
Exploits: 0, References: 3, Affected Software: 1

EUVD
added 2026/02/03 12:33 p.m., 5 views

EUVD-2025-206770

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HTTP Headers. This issue affects Association Web Package Flora: from v3.0 through 03022026. NOTE: The...

7.6 CVSS, 5.3 AI score, 0.00282 EPSS
Exploits: 0, References: 1

CVE
added 2026/02/03 12:33 p.m., 12 views

CVE-2025-7760

CVE-2025-7760 affects Ofisimo Web-Based Software Technologies Association Web Package Flora (versions 3.0 through 03022026). The issue stems from improper input handling during web page generation, enabling cross-site scripting via HTTP headers. Red Hat and other sources corroborate the same desc...

7.6 CVSS, 5.4 AI score, 0.00282 EPSS
Exploits: 0, References: 2

Snyk
added 2026/02/01 6:34 a.m., 2 views

Insufficiently Protected Credentials

Overview: kimai-mcp is an MCP server for Kimai time-tracking API integration. Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the HTTP response handling logic that sets the X-Session-ID header. An attacker can hijack user sessions by observing session...

6.9 CVSS, 5.6 AI score
Exploits: 0, References: 3

RedhatCVE
added 2026/01/30 3:39 p.m., 10 views

CVE-2025-7713

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows XSS Through HTTP Headers. This issue affects Content Management System CMS: through 21072025...

7.5 CVSS, 5.9 AI score, 0.00175 EPSS
Exploits: 0, References: 1

EUVD
added 2026/01/29 2:38 p.m., 3 views

EUVD-2025-206545

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows XSS Through HTTP Headers. This issue affects Content Management System CMS: through 21072025...

7.5 CVSS, 5.9 AI score, 0.00175 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/01/29 2:38 p.m., 3 views

CVE-2025-7713

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows XSS Through HTTP Headers. This issue affects Content Management System CMS: through 21072025...

7.5 CVSS, 5.4 AI score, 0.00175 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2026/01/29 2:38 p.m., 4 views

CVE-2025-7713 Reflected XSS in Global Medya's PHP CMS

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows XSS Through HTTP Headers. This issue affects Content Management System CMS: through 21072025...

7.5 CVSS, 5.4 AI score, 0.00175 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/01/29 12:0 a.m., 5 views

Global Interactive Design Media Content Management System Cross-Site Script Vulnerability

Global Interactive Design Media Content Management System is a content management system developed by the Turkish company Global Interactive Design Media. Versions of the Global Interactive Design Media Content Management System prior to version 21072025 contained a cross-site scripting...

7.5 CVSS, 5.7 AI score, 0.00175 EPSS
Exploits: 0, References: 1

OSV
added 2026/01/26 2:43 p.m., 6 views

BIT-LIBPYTHON-2026-0865 wsgiref.headers.Headers allows header newline injection

User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9 CVSS, 5.9 AI score, 0.00463 EPSS
Exploits: 0, References: 16

SUSE Linux
added 2026/01/22 12:17 p.m., 4 views

Security update for python-tornado

This update for python-tornado fixes the following issues: CVE-2025-67725: inefficient algorithm when parsing parameters for HTTP header values bsc1254905. CVE-2025-67726: Denial of Service DoS via maliciously crafted HTTP request caused by the HTTPHeaders.add method bsc1254904. Patch Instruction...

8.7 CVSS, 5.5 AI score, 0.00396 EPSS
Exploits: 0, References: 8

OSV
added 2026/01/22 12:16 p.m., 1 views

SUSE-SU-2026:0222-1 Security update for python-tornado

This update for python-tornado fixes the following issues: - CVE-2025-67725: inefficient algorithm when parsing parameters for HTTP header values bsc1254905. - CVE-2025-67726: Denial of Service DoS via maliciously crafted HTTP request caused by the HTTPHeaders.add method bsc1254904...

7.5 CVSS, 6.1 AI score, 0.00396 EPSS
Exploits: 0, References: 5

OSV
added 2026/01/20 10:15 p.m., 3 views

DEBIAN-CVE-2026-0865

User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9 CVSS, 7.2 AI score, 0.00463 EPSS
Exploits: 0, References: 1

UbuntuCve
added 2026/01/20 10:15 p.m., 4 views

CVE-2026-0865

User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9 CVSS, 7.1 AI score, 0.00463 EPSS
Exploits: 0, References: 12

Debian CVE
added 2026/01/20 9:26 p.m., 5 views

CVE-2026-0865

User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9 CVSS, 7.2 AI score, 0.00463 EPSS
Exploits: 0

AlpineLinux
added 2026/01/20 8:41 p.m., 2 views

CVE-2025-59465

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

7.5 CVSS, 5.6 AI score, 0.00929 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/01/20 8:41 p.m., 6 views

CVE-2025-59465

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

7.5 CVSS, 5.5 AI score, 0.00929 EPSS
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2026/01/20 12:0 a.m., 4 views

Node.js security vulnerabilities

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. There are security vulnerabilities in Node.js, which stem from unhandled TLSSocket errors when processing malformed HTTP/2 HEADERS frames. These vulnerabilities can lead to process crashes...

7.5 CVSS, 7.1 AI score, 0.00929 EPSS
Exploits: 0, References: 2