12 matches found
HAXCMS Code Issue Vulnerability
HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAXCMS prior to 26.0.0 had code-related vulnerabilities. These vulnerabilities stemmed from improper session termination, which could allow attackers to obtain valid tokens and gain persistent access to...
Important: Red Hat Security Advisory: httpd:2.4 security update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Medium: libsoup
Issue Overview: A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 Unauthorized HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing th...
TencentOS Server 3: nodejs:20 (TSSA-2025:0462)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0462 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2025-62781
PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.8.0, users with a local account can change their password while logged in. When doing so, all other active sessions are terminated, except for the currently active one. However, the current session’s...
PT-2025-24676 · Siemens · Scalance Xcm328 +20
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM RST2428P versions prior to V3.2; SCALANCE XC316-8 versions prior to V3.2; SCALANCE XC324-4 versions prior to V3.2; SCALANCE XC324-4 EEC versions prior to V3.2; SCALANCE XC332 versions prior to V3.2; SCALANCE XC416-8 versions prior to V3....
AZL-65063 CVE-2025-23167 affecting package nodejs18 18.20.3-11
A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by...
CVE-2024-45288 Multiple vulnerabilities in libnv
A missing null-termination character in the last element of an nvlist array string can lead to writing outside the allocated buffer...
PT-2024-2336 · Cisco · Cisco Ios Xr
Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers (affected versions not specified). Description: A vulnerability in the PPP over Ethernet (PPPoE) termination feature could allow an unauthenticated, adjacent attacker to...
PT-2023-30103 · Weborf +1 · Weborf +1
Name of the Vulnerable Software and Affected Versions: Weborf versions 0.17 through 0.20; Itworf versions prior to 88. Description: The issue is related to a null termination flaw in the cgi.c file of Weborf, where the path for CGI scripts lacks '\0' termination due to the misuse of strncpy. This...
Design/Logic Flaw
The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP...
IBM Security Information Queue Information Disclosure Vulnerability (CNVD-2020-22188)
IBM Security Information Queue is a data integration product from IBM USA. The product utilizes Kafka technology and a publish-subscribe model to integrate data between IBM security products. A security vulnerability exists in IBM Security Information Queue (ISIQ) that stems from the program failin...