11 matches found

Nuclei
added 2 days ago · 53 views

Versa Concerto Actuator Endpoint - Authentication Bypass

An authentication bypass vulnerability affected the Spring Boot Actuator endpoints in Versa Concerto due to improper handling of the X-Real-Ip header. Attackers could access restricted endpoints by omitting this header. The issue allowed unauthorized access to sensitive functionality, highlighting...

CVSS 9.2 · AI score 7.5 · EPSS 0.71079
Exploits 1 · References 3
CVE
added 2026/03/23 9:36 p.m. · 4 views

CVE-2026-32913

OpenClaw prior to version 2026.3.7 has an improper header validation in fetchWithSsrFGuard that forwards custom authorization headers across cross-origin redirects. This allows an attacker to trigger redirects to different origins and intercept headers such as X-Api-Key and Private-Token intended...

CVSS 9.3 · AI score 5.8 · EPSS 0.00045
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2025/03/20 10:09 a.m. · 7 views

CVE-2024-6827 HTTP Request Smuggling in benoitc/gunicorn

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...

CVSS 7.5 · AI score 7.5 · EPSS 0.00029
Exploits 0 · References 1
Tenable Nessus
added 2025/03/04 12:00 a.m. · 20 views

openSUSE 15 Security Update : phpMyAdmin (openSUSE-SU-2025:0081-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:0081-1 advisory. Update to version 5.2.2: - CVE-2025-24530: XSS in the 'Check Tables' feature bsc1236312. - CVE-2025-24529: XSS in the 'Insert' tab bsc1236311. -...

CVSS 7.3 · AI score 7.5 · EPSS 0.91924
Exploits 16 · References 13
OSV
added 2025/03/03 9:28 a.m. · 12 views

OPENSUSE-SU-2025:0081-1 Security update for phpMyAdmin

This update for phpMyAdmin fixes the following issues: Update to version 5.2.2: - CVE-2025-24530: XSS in the 'Check Tables' feature bsc1236312. - CVE-2025-24529: XSS in the 'Insert' tab bsc1236311. - CVE-2024-2961: glibc/iconv: out-of-bounds writes when writing escape sequences bsc1222992. -...

CVSS 7.3 · AI score 6.7 · EPSS 0.91924
Exploits 16 · References 9
OSV
added 2024/07/30 7:11 a.m. · 22 views

SUSE-SU-2024:2629-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Updated to version 11.0.24+8 July 2024 CPU: - CVE-2024-21131: Fixed a potential UTF8 size overflow bsc1228046. - CVE-2024-21138: Fixed an infinite loop due to excessive symbol length bsc1228047. - CVE-2024-21140: Fixed a pre-loop limit...

CVSS 7.4 · AI score 6.7 · EPSS 0.00977
Exploits 0 · References 14
RustSec
added 2024/01/23 12:00 p.m. · 2 views

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Summary Insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over outbound headers. Details Outbound trilliumhttp::HeaderValue and trilliumhttp::HeaderName can be constructed infallibly a...

CVSS 8.1 · AI score 7.3 · EPSS 0.00507
Exploits 0 · Affected Software 1
Veracode
added 2023/07/17 2:29 a.m. · 15 views

Improper Header Validation

libopendkim.so is vulnerable to Improper Header Validation. The vulnerability exists due to the default setting used for the KeepAuthResults parameter in opendkim.c, which fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, allowing an attacker to send...

CVSS 5.3 · AI score 6.8 · EPSS 0.00167
Exploits 0 · References 3 · Affected Software 2
GitHub Security Blog
added 2023/04/21 8:27 p.m. · 17 views

Improper header validation in httpsoft/http-message

Impact Improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. Patches The issue is patched in 1.0.12. Workarounds The...

CVSS 7.5 · AI score 6.4 · EPSS 0.04782
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2023/04/19 12:00 a.m. · 4 views

PT-2023-32955 · Unknown · Codeigniter

Name of the Vulnerable Software and Affected Versions: CodeIgniter versions prior to 4.5.8 Description: The issue is related to improper header validation for the name and value, which could allow a potential attacker to construct deliberately malformed headers using the Header class. This could...

CVSS 7.5 · AI score 6.3 · EPSS 0.04782
Exploits 0 · References 28
CNNVD
added 2021/06/29 12:00 a.m. · 1 view

Machform Injection Vulnerability

MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. An HTTP host header injection vulnerability exists in versions prior to Machform 16. The vulnerability stems from improper validation of the host header. An attack...

CVSS 6.1 · AI score 5.7 · EPSS 0.0024
Exploits 0 · References 4