330 matches found
EUVD-2018-0315
Malware in sbrugna...
EUVD-2015-0702
Malware in sbrugna...
EUVD-2016-2395
Malware in sbrugna...
EUVD-2022-48798
Malicious code in bioql PyPI...
EUVD-2023-0955
Malicious code in bioql PyPI...
EUVD-2022-48283
Malicious code in bioql PyPI...
Authentication Bypass Using an Alternate Path or Channel
Overview: Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the login process when multi-factor authentication is enabled. An attacker can gain unauthorized access by submitting valid credentials and changing the HTTP method from POST ...
AirPlay Service Detection
TCP based detection of services supporting the AirPlay protocol. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
VulnCheck KEV: CVE-2011-4085
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication ...
SUSE CVE-2025-26803
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...
CVE-2024-55945
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...
CVE-2023-43810
OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs. Autoinstrumentation out of the box adds the label `http_method` that has unbound cardinality. It...
CVE-2022-45956
Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism...
CVE-2021-43807
Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE...
CVE-2021-31402
The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669...
CVE-2020-35175
Frappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API...
Denial Of Service (DoS)
Passenger is vulnerable to Denial Of Service (DoS). The vulnerability is due to an issue in the HTTP parser during the parsing of a request with an invalid HTTP method, allowing an attacker to exploit this issue...
BIT-PASSENGER-NGINX-MODULE-2025-26803
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...
Phusion Passenger denial of service
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...
GHSA-2CJ2-QQXJ-5M3R Phusion Passenger denial of service
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...