579 matches found
CVE-2024-6827 HTTP Request Smuggling in benoitc/gunicorn
Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...
CVE-2024-6827 HTTP Request Smuggling in benoitc/gunicorn
Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...
Unspecified Vulnerability in Mozilla Firefox for iOS (CNVD-2025-05232)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox for iOS that originates from an unrecognized QR code link. An attacker could exploit this vulnerability potentially causing integrity to be compromise...
CVE-2025-21590 Junos OS: An local attacker with shell access can execute arbitrary code
An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affecte...
CVE-2025-21590
An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affecte...
Linux Distros Unpatched Vulnerability : CVE-2021-44512
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling...
CVE-2025-25201
Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the...
CVE-2025-25201
CVE-2025-25201 concerns Nitrokey 3 Firmware. The PIV application could accept invalid keys for authentication of the admin key in releases up to 1.8.0 (and certain pre-1.8.0 test builds), allowing an attacker without the proper admin key to generate new keys and overwrite certificates, compromisi...
CVE-2025-25201 Improper Validation of Admin Key in PIV Smartcard
Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the...
CVE-2024-6036
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the /queue/join? endpoint with "fnindex":66. This unrestricted server restart capability can severely disrupt service availability, cause data loss or...
CVE-2024-55879
XWiki Platform is a generic wiki platform. Starting in version 2.3 and prior to versions 15.10.9, 16.3.0, any user with script rights can perform arbitrary remote code execution by adding instances of XWiki.ConfigurableClass to any page. This compromises the confidentiality, integrity and...
CVE-2024-0549
mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input...
CVE-2025-24966
CVE-2025-24966 concerns the reNgine web-app reconnaissance framework. The issue is HTML Injection in the Add Target functionality, where the Target Organization and Target Description fields improperly validate or sanitize input, allowing arbitrary HTML payloads. The injected HTML is rendered in ...
CVE-2025-24966 HTML Injection in reNgine
reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Target" functionality of the...
CVE-2024-23928
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telematics functionality, which...
CVE-2024-23928
CVE-2024-23928 affects Pioneer DMH-WT7600NEX telematics over HTTPS, due to improper validation of the server certificate. This enables network-adjacent attackers (no authentication required) to compromise the integrity of downloaded information and, in combination with other vulnerabilities, exec...
Advisory ROSA-SA-2025-2634
Software: OpenImageIO 2.2.20.0 OS: ROSA-CHROME packageevrstring: OpenImageIO-2.2.20.0-6 CVE-ID: CVE-2023-36183 BDU-ID: 2023-07656 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the readimg function of the OpenImageIO image processing library involves buffer copying without input validation...
CVE-2024-43658
CVE-2024-43658 concerns Iocharger Home firmware prior to 25010801. The issue is a patch traversal/external control of file name or path vulnerability that allows an authenticated attacker to delete arbitrary files on the charging station, potentially removing binaries and compromising integrity a...
Unspecified vulnerability in Huawei HarmonyOS and EMUI HiView module
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A security vulnerability exists in Huawei HarmonyOS an...
Huawei EMUI and HarmonyOS File Replacement Vulnerability
Huawei EMUI is a mobile operating system developed based on Android.Huawei HarmonyOS is an operating system. Provides a full-scene distributed operating system based on a microkernel. A file replacement vulnerability exists in Huawei EMUI and HarmonyOS. An attacker could exploit this vulnerabilit...