7 matches found
CVE-2026-54387
Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the...
DEBIAN-CVE-2026-54388
Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine how many request body bytes to consume. Remote attackers can...
Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection
...
httpd: HTTP response splitting
A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers, resulting in an HTTP response splitting...
HTTP Response Splitting
Apache HTTP Server is vulnerable to HTTP Response splitting. The vulnerability is due to inadequate handling of malicious response headers, allowing an attacker to inject headers into backend applications and cause an HTTP desynchronization attack...
Taiyuan Xunyi Technology Co., Ltd. 74cms background SQL injection vulnerability
74cms Knight cms talent system is a free open source professional recruitment system based on PHP + MYSQL as the core development. Taiyuan Xunyi Technology Co., Ltd. 74cms background SQL injection vulnerabilities, attackers can exploit the vulnerability to obtain database sensitive information...
zzzphp V1.7.4 SQL Injection Vulnerability in Backend
zzphp is a free website builder developed in PHP language. zzzphp V1.7.4 suffers from a SQL injection vulnerability in the backend, which can be exploited by attackers to obtain sensitive information...