1248 matches found
CVE-2025-59089
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...
CVE-2025-59089 Python-kdcproxy: remote dos via unbounded tcp upstream buffering
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...
CVE-2025-59089
CVE-2025-59089 is a DoS in python-kdcproxy caused by unbounded TCP buffering and permissive handling of response chunks, enabling memory/CPU exhaustion when kdcproxy connects to attacker-controlled KDCs. Related issue CVE-2025-59088 concerns SSRF via DNS SRV discovery for realms, allowing probing...
python-kdcproxy: Remote DoS via unbounded TCP upstream buffering
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...
python-kdcproxy: Remote DoS via unbounded TCP upstream buffering
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...
python-kdcproxy: Remote DoS via unbounded TCP upstream buffering
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via Application.handlerecv. An attacker can exhaust server memory or CPU resources by causing the system to process unbounded TCP response data from an attacker-controlled upstream...
kernel: virtio/vsock: Fix accept_queue memory leak
In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix acceptqueue memory leak As the final stages of socket destruction may be delayed, it is possible that virtiotransportrecvlisten will be called after the acceptqueue has been flushed, but before the SOCKDONE flag...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988830)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988830 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctltcpl3mdevaccept. While reading sysctltcpl3mdevaccept, it can be...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989905)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989905 advisory. In the Linux kernel, the following vulnerability has been resolved: udp: Fix a data-race around sysctludpl3mdevaccept. While reading sysctludpl3mdevaccept, it can be...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988894)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988894 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Fix a data-race around sysctltcpfwmarkaccept. While reading sysctltcpfwmarkaccept, it c...
EUVD-2025-36332
A vulnerability was determined in code-projects Nero Social Networking Site 1.0. Affected is an unknown function of the file /acceptoffres.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and...
CVE-2025-8848
A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...
Exposure of Information Through Directory Listing
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Exposure of Information Through Directory Listing due to the improper error handling. An attacker can gain unauthorized access to internal directory structures by sending crafted HTTP with absent...
EUVD-2025-35577
A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...
CVE-2025-8848
A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...
CVE-2025-8848
A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...
CVE-2025-8848 HTML Injection in Accept-Language Header in danny-avila/librechat
A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...
CVE-2025-8848
LibreChat (danny-avila/librechat) v0.7.9 contains a vulnerability where the Accept-Language header is not properly sanitized, allowing a logged-in attacker to inject arbitrary HTML into the html lang tag, effectively a stored XSS risk as described by multiple sources (NVD, Nuclei template, OSV, R...
CVE-2025-8848 HTML Injection in Accept-Language Header in danny-avila/librechat
A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...