GHSA-38M6-82C8-4XFM Parse Server: Pre-authentication denial of service via client version header regex backtracking
Impact An unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains adversarial input that triggers polynomial backtracking in a request-header parser. The parsing runs before session authentication and before...
PT-2026-42860
Name of the Vulnerable Software and Affected Versions: Parse Server (affected versions not specified). Description: An unauthenticated attacker with knowledge of a public Parse Application ID can cause a denial of service by submitting a single HTTP request to any '/parse/' endpoint. The attack involv...
Regular Expression Denial of Service (ReDoS)
Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the clientSDK parameter in the request-header parser. An attacker can exhaust...
CVE-2023-50324
IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details in the X-AspNet-Version response header that could allow an attacker to obtain information about the application environment to conduct further attacks. IBM X-Force ID: 275038...
EUVD-2025-36362
PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s...
EUVD-2003-0117
Malware in sbrugna...
EUVD-2020-1460
Malware in sbrugna...
EUVD-2023-55129
Malicious code in bioql PyPI...
Malicious code in Be.Vlaanderen.Basisregisters.AspNеtCore.Mvc.Middleware.AdԁVersionHeader (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in Be.Vlaanderen.Basisregisters.AspNеtCore.Mvc.Middlеware.AdԁVersionHeаder (NuGet)
--- -= Per source details. Do not edit below this line.=-...
PT-2024-2056 · Ibm · Ibm Cognos Command Center
Name of the Vulnerable Software and Affected Versions: IBM Cognos Command Center versions 10.2.4.1 through 10.2.5 Description: The issue is related to the exposure of information in the IBM Cognos Command Center, which could allow an attacker to obtain details about the application environment an...
PT-2024-21320 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.4.3.25; Liferay DXP 7.4 before update 26; Liferay DXP 7.3 before update 5; Liferay DXP 7.2 before fix pack 19. Description: The default value of the portal property http.header.version.verbosity is set to...
Security update for libslirp (moderate)
openSUSE Security Update: Security update for libslirp Announcement ID: openSUSE-SU-2022:2941-1 Rating: moderate References: 1187365 1201551 Cross-References: CVE-2021-3593 CVSS scores: CVE-2021-3593 NVD : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3593 SUSE: 3.8...
OPENSUSE-SU-2022:2941-1 Security update for libslirp
This update for libslirp fixes the following issues: - CVE-2021-3593: Fixed an invalid pointer initialization that may lead to information disclosure (udp6, bsc#1187365). Non-security fixes: - Fix the version header (bsc#1201551)...
SUSE-SU-2022:2941-1 Security update for libslirp
This update for libslirp fixes the following issues: - CVE-2021-3593: Fixed an invalid pointer initialization that may lead to information disclosure (udp6, bsc#1187365). Non-security fixes: - Fix the version header (bsc#1201551)...
Cache Poisoning
find-my-way is vulnerable to web cache poisoning. The vulnerability exists because it accepts the Accept-Version header by default; if versioned routes are not used, this leads to a denial of service (DoS)...
Web Cache Poisoning
Overview: Affected versions of this package are vulnerable to Web Cache Poisoning. It accepts the Accept-Version header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack...
DEBIAN-CVE-2017-5488
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin...
Malformed PDF Version Header
PDF files may include a malformed version header. A remote attacker may use such a header inside PDF files to evade IPS inspection, in order to avoid detection of attacks against various PDF vulnerabilities...