CVE-2025-64709

Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery SSRF vulnerability in the Typebot webhook block HTTP Request component functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...

CVE-2025-20341

The CVE-2025-20341 case involves Cisco Catalyst Center Virtual Appliance. Description and multiple connected sources confirm an Access Control / input-validation flaw that allows an authenticated, remote attacker with at least Observer privileges to escalate to Administrator by sending a crafted ...

PT-2025-46852

Name of the Vulnerable Software and Affected Versions Cisco Catalyst Center Virtual Appliance affected versions not specified Description A flaw exists in Cisco Catalyst Center Virtual Appliance that could allow a remote attacker with valid credentials for a user account with at least the role of...

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2025-2428)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on...

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2025-2400)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on...

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-2428)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.307 Vulnerability Details CVEID:CVE-2025-57810 DESCRIPTION: jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in C...

CVE-2025-60876

BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...

AZL-69985 CVE-2025-60876 affecting package busybox 1.35.0-18

BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...

PT-2025-46190

Name of the Vulnerable Software and Affected Versions BusyBox versions through 1.3.7 Description The software accepts raw CR 0x0D/LF 0x0A and other C0 control bytes within the HTTP request-target path/query. This allows an attacker to split the request line and inject controlled headers...

HTTP Request Smuggling

Http4s is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of the HTTP trailer section, which allows an attacker—when the app is deployed behind a reverse proxy that forwards trailer headers—to bypass front-end security controls, target active users, and poison...

ROS-20251105-07

The vulnerability of Microsoft .NET Framework, .NET software platforms, and Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Exploitation...

ROS-20251105-06

The vulnerability of Microsoft .NET Framework, .NET software platforms, and Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Exploitation...

Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know

On October 14, 2025, Microsoft released a security update addressingCVE-2025-55315, a vulnerability in ASP.NET Core that allows HTTP request smuggling. While request smuggling is a known technique, this security update addresses a scenario with a high CVSS score to help encourage mitigation actio...

CVE-2025-12225 Tenda AC6 HTTP Request WifiGuestSet stack-based overflow

A vulnerability has been found in Tenda AC6 15.03.06.50. This issue affects some unknown processing of the file /goform/WifiGuestSet of the component HTTP Request Handler. Such manipulation of the argument shareSpeed leads to stack-based buffer overflow. The attack may be launched remotely. The...

EUVD-2025-36086

A vulnerability has been found in Tenda AC6 15.03.06.50. This issue affects some unknown processing of the file /goform/WifiGuestSet of the component HTTP Request Handler. Such manipulation of the argument shareSpeed leads to stack-based buffer overflow. The attack may be launched remotely. The...

HTTP Request Smuggling

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to HTTP Request Smuggling via the CORS middleware, which copies the Vary header from the request to the response when the origin is not set to "". An attacker can influence cache behavior or...

Exploit for HTTP Request Smuggling in Microsoft

CVE-2025-55315 Vulnerability Scanner and TLS Proxy This repos...

Critical: dotnet9.0

Issue Overview: Improper link resolution before file access 'link following' in .NET allows an authorized attacker to elevate privileges locally. CVE-2025-55247 Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a...

Critical: dotnet8.0

Issue Overview: Improper link resolution before file access 'link following' in .NET allows an authorized attacker to elevate privileges locally. CVE-2025-55247 Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a...