130 matches found
EUVD-2021-16193
Malware in sbrugna...
EUVD-2025-27818
Malicious code in bioql PyPI...
CLSA-2025-1758135826 grafana: Fix of CVE-2022-39307
CVE-2022-39307: fix omit error from http response when user does not exist...
CVE-2025-46408
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...
CVE-2025-55143
Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote unauthenticated attacker to inject arbitrary te...
Linux Distros Unpatched Vulnerability : CVE-2023-40547
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows...
Linux Distros Unpatched Vulnerability : CVE-2025-4979
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to...
CVE-2025-32010
A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP response can lead to arbitrary code execution. An attacker can send an HTTP response to trigger this vulnerability...
CVE-2025-32010
CVE-2025-32010 affects Tenda AC6 V5.0 V02.03.01.110 in the Cloud API: a stack-based buffer overflow triggered by a specially crafted HTTP response can lead to arbitrary code execution. The TALOS analysis confirms the vulnerability exists in the Cloud API’s handling of HTTP interactions, enabling ...
CVE-2025-32010
A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP response can lead to arbitrary code execution. An attacker can send an HTTP response to trigger this vulnerability...
GitLab Community Edition和GitLab Enterprise Edition 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Community Edition and GitLab Enterprise...
DEBIAN-CVE-2025-2784
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skipinsightwhitespace function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server...
ZOO-Project 跨站脚本漏洞
ZOO-Project is an open source processing platform from ZOO-Project Open Source. ZOO-Project suffers from a cross-site scripting vulnerability that stems from the publish.py CGI script reflecting user input for the jobid parameter directly into the HTTP response without HTML coding or cleanup...
SUSE CVE-2025-0825
cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more...
caido 跨站脚本漏洞
caido is an open source application from Caido. Designed to help security professionals and enthusiasts audit Web applications efficiently and easily. A cross-site scripting vulnerability exists in Caido version v0.45.0 that stems from improper cleanup in the URL decoding tooltip of the HTTP...
IBM Security ReaQta 安全漏洞
IBM Security ReaQta is an AI autonomous detection and response platform from International Business Machines IBM. An information disclosure vulnerability exists in IBM Security ReaQta version 3.12, which stems from the return of sensitive information in an HTTP response, and can be exploited by a...
PYSEC-2024-310
Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...
CVE-2024-41226
A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client side and does not attack the Control Room. T...
CVE-2024-40324
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return CR and Line Feed LF characters into input fields, leading to HTTP response splitting and header manipulation...
SUSE CVE-2021-37939
It was discovered that Kibana's JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vulnerability, a malicious user with the ability to create connectors, could utilize these connecto...