3 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-10491
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data i...
CVE-2025-48936 ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection
Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...
Express.js 安全漏洞
Express.js is a fast, unconstrained, minimalist web framework for Node.js open sourced by expressjs. A security vulnerability exists in Express.js 3.21.2 and earlier versions, which stems from a response.links function that can inject arbitrary resources in the Link header when using unaudited da...