PT-2025-22135 · NetGear · Netgear Dgnd3700

Name of the Vulnerable Software and Affected Versions: Netgear DGND3700 version 1.1.00.15 1.00.15NA Description: A very critical issue was found, affecting the Basic Authentication component of the Netgear DGND3700. This issue leads to improper authentication and can be initiated remotely. The...

php: Stream HTTP wrapper header check might omit basic auth header

A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...

php: Stream HTTP wrapper header check might omit basic auth header

A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...

php: Stream HTTP wrapper header check might omit basic auth header

A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...

php: Stream HTTP wrapper header check might omit basic auth header

A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...

Mitsubishi (CVE-2022-33321)

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric...

CVE-2025-43704

Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP Basic Authentication to a Dell Isilon OneFS server...

CVE-2025-43704

Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP Basic Authentication to a Dell Isilon OneFS server...

CVE-2025-32859

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockWebServerGatewaySettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to...

CVE-2025-43704

CVE-2025-43704 affects Arctera/Veritas Data Insight prior to 7.1.2. The issue allows sending cleartext credentials when the product is configured to use HTTP Basic Authentication to a Dell Isilon OneFS server. The reported remediation is to upgrade to version 7.1.2 or later. Exploit details or ac...

Veritas Data Insight 安全漏洞

Veritas Data Insight is a solution from Veritas that classifies, contextualizes, and controls unstructured data. A security vulnerability exists in Veritas Data Insight versions prior to 7.1.2 that stems from the possibility of sending plaintext credentials when configured to use HTTP basic...

CVE-2025-43704

Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP Basic Authentication to a Dell Isilon OneFS server...

CVE-2025-43704

Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP Basic Authentication to a Dell Isilon OneFS server...

(Pwn2Own) Lexmark CX331adwe basic_auth.cgi PATH_TRANSLATED Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the PATHTRANSLATED parameter provided to the...

Stream HTTP wrapper header check might omit basic auth header

...

CVE-2025-1736 Stream HTTP wrapper header check might omit basic auth header

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted...

OESA-2025-1299 rubygem-rack security update

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a single...

Linux Distros Unpatched Vulnerability : CVE-2019-12529

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the...

CVE-2024-47053

This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data. Improper Authorization: An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated use...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the Reporting API. An attacker can gain unauthorized access to sensitive report data by exploiting the flawed HTTP Basic Authentication implementation. Note: This is only exploitable if the API is enabled and...