32 matches found

Cvelist
added 2026/01/20 8:41 p.m. · 12 views

CVE-2025-59465

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

CVSS 7.5 · EPSS 0.00109
Exploits 0 · References 1
MongoDB
added 2025/12/19 11:0 a.m. · 18 views

Zlib compressed protocol header length confusion may allow memory read

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...

CVSS 8.7 · AI score 7 · EPSS 0.56927
Exploits 38 · References 1 · Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-30998

Malicious code in bioql PyPI...

CVSS 8.2 · AI score 6.6 · EPSS 0.00055
Exploits 0 · References 2
Cvelist
added 2025/09/29 3:14 p.m. · 4 views

CVE-2025-11155 WEAK ENCODING FOR PASSWORD IN DEVICE SERVER CONFIGURATION

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...

CVSS 6.8 · EPSS 0.00027
Exploits 0 · References 1
Vulnrichment
added 2025/09/24 3:33 p.m. · 3 views

CVE-2025-21488 Buffer Over-read in Data Network Stack & Connectivity

Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set...

CVSS 8.2 · AI score 6.3 · EPSS 0.00055
Exploits 0 · References 1
Positive Technologies
added 2025/09/17 12:0 a.m. · 7 views

PT-2025-38114

Name of the Vulnerable Software and Affected Versions: Quiz Maker plugin for WordPress versions prior to 6.7.0.57. Description: The Quiz Maker plugin for WordPress is susceptible to SQL Injection due to insufficient escaping of user-supplied data and inadequate preparation of existing SQL queries...

CVSS 7.5 · AI score 7 · EPSS 0.00072
Exploits 3 · References 11
OSV
added 2025/08/27 7:43 p.m. · 2 views

CLSA-2025-1756323821 php: Fix of CVE-2025-1736

CVE-2025-1736: fix incorrect validation of CRLF in http headers...

CVSS 7.3 · AI score 6.7 · EPSS 0.00546
Exploits 0 · References 1
Snyk
added 2025/04/08 4:0 p.m. · 3 views

Allocation of Resources Without Limits or Throttling

Overview: Microsoft.AspNetCore.App.Runtime.linux-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttlin...

CVSS 8.7 · AI score 7.9 · EPSS 0.09556
Exploits 0 · References 2
Snyk
added 2025/04/08 4:0 p.m. · 3 views

Allocation of Resources Without Limits or Throttling

Overview: Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling wh...

CVSS 8.7 · AI score 6.9 · EPSS 0.09556
Exploits 0 · References 2
Vulnrichment
added 2025/01/30 7:17 p.m. · 7 views

CVE-2024-10604 Identifiable Header Values In Fuchsia Leading To Tracking of The User

Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances...

CVSS 6.9 · AI score 6.6 · EPSS 0.00103
Exploits 1 · References 3
Cvelist
added 2025/01/30 7:17 p.m. · 9 views

CVE-2024-10604 Identifiable Header Values In Fuchsia Leading To Tracking of The User

Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances...

CVSS 6.9 · EPSS 0.00103
Exploits 1 · References 3
SUSE CVE
added 2024/04/13 2:10 a.m. · 6 views

SUSE CVE-2024-27316

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...

CVSS 7.5 · AI score 7.3 · EPSS 0.87555
Exploits 2 · References 7
Positive Technologies
added 2023/11/27 12:0 a.m. · 2 views

PT-2023-32239 · WordPress · Wassup Real Time Analytics

Name of the Vulnerable Software and Affected Versions: WassUp Real Time Analytics WordPress plugin versions 1.9.4.5 and earlier. Description: The issue allows unauthenticated users to perform Stored XSS attacks against logged in admins. This is due to the plugin not escaping IP address provided vi...

CVSS 6.1 · AI score 6 · EPSS 0.00576
Exploits 2 · References 4
OSV
added 2023/10/18 5:15 a.m. · 2 views

CVE-2023-5538

The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

CVSS 6.1 · AI score 6
Exploits 0 · References 4
OSV
added 2023/09/15 4:15 a.m. · 1 views

DEBIAN-CVE-2023-38039

When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of header...

CVSS 7.5 · AI score 6.3 · EPSS 0.14797
Exploits 1 · References 1
SUSE CVE
added 2023/02/15 3:58 a.m. · 1 views

SUSE CVE-2020-13985

An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c...

CVSS 7.5 · AI score 7.7 · EPSS 0.00548
Exploits 0 · References 3
OSV
added 2023/01/17 4:26 p.m. · 7 views

GSD-2023-1000328 xen/netback: Ensure protocol headers don't fall in the non-linear area

xen/netback: Ensure protocol headers don't fall in the non-linear area. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.269 by commit...

AI score 7.2
Exploits 0
OSV
added 2023/01/17 4:14 p.m. · 7 views

GSD-2023-1000225 xen/netback: Ensure protocol headers don't fall in the non-linear area

xen/netback: Ensure protocol headers don't fall in the non-linear area. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.159 by commit...

AI score 7.2
Exploits 0
OSV
added 2023/01/17 4:6 p.m. · 12 views

GSD-2023-1000150 xen/netback: Ensure protocol headers don't fall in the non-linear area

xen/netback: Ensure protocol headers don't fall in the non-linear area. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.83 by commit...

AI score 7.2
Exploits 0
OSV
added 2023/01/17 3:56 p.m. · 16 views

GSD-2023-1000053 xen/netback: Ensure protocol headers don't fall in the non-linear area

xen/netback: Ensure protocol headers don't fall in the non-linear area. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.13 by commit...

AI score 7.2
Exploits 0