Lucene search

12 matches found

Cvelist
added 2026/03/24 8:4 p.m. · 17 views

CVE-2026-21790 HCL Traveler is susceptible to a weak default HTTP header validation vulnerability

HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks...

6.3 CVSS · 0.00007 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2026/03/24 12:0 a.m. · 0 views

PT-2026-27498

HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks...

6.3 CVSS · 5.8 AI score · 0.00007 EPSS
Exploits: 0 · References: 3
OSV
added 2025/12/12 6:15 a.m. · 4 views

AZL-72368 CVE-2025-67725 affecting package python-tornado 6.2.0-1

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...

7.5 CVSS · 6 AI score · 0.00212 EPSS
Exploits: 0 · References: 1
Microsoft CVE
added 2025/09/04 4:8 a.m. · 3 views

If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

...

2.8 CVSS · 7 AI score · 0.00068 EPSS
Exploits: 0
RedHat Linux
added 2025/04/02 8:19 p.m. · 4 views

camel-http: org.apache.camel: bypass of header filters via specially crafted response

A vulnerability was found in Apache Camel. This flaw allows an attacker to bypass filtering via a specially crafted request containing a certain combination of upper and lower case characters due to an issue in the default header filtering mechanism, which blocks headers starting with "Camel" or...

5.6 CVSS · 5.7 AI score · 0.5206 EPSS
Exploits: 3 · References: 6
CNNVD
added 2025/03/12 12:0 a.m. · 4 views

Apache Camel security vulnerability

Apache Camel is an open source integration framework from the Apache Foundation in the United States, based on Enterprise Integration Patterns (EIP). The framework provides an implementation of the Enterprise Integration Patterns using Java objects (POJOs) and configures rules for routing and brokering...

5.6 CVSS · 6.6 AI score · 0.5206 EPSS
Exploits: 4 · References: 2
OSV
added 2025/03/09 3:31 p.m. · 0 views

GHSA-2C2H-2855-MF97 Apache Camel: Camel Message Header Injection via Improper Filtering

Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.9.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and...

6.3 CVSS · 5.7 AI score · 0.5206 EPSS
Exploits: 3 · References: 10
PyPA
added 2024/08/18 7:15 p.m. · 6 views

PYSEC-2024-71

A vulnerability in corydolphin/flask-cors up to version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant...

7.5 CVSS · 6.8 AI score · 0.00637 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
CNNVD
added 2024/08/18 12:0 a.m. · 1 views

Flask-CORS security vulnerability

Flask-CORS is a cross-origin resource sharing component for Flask by the individual developer Cory Dolphin. A security vulnerability exists in Flask-CORS version 4.0.1 that stems from the Access-Control-Allow-Private-Network CORS header being set to true by default without any configuration...

7.5 CVSS · 6.6 AI score · 0.00637 EPSS
Exploits: 1 · References: 4
OSV
added 2024/06/17 8:15 p.m. · 1 views

AZL-42733 CVE-2024-37891 affecting package python-urllib3 for versions less than 2.0.7-1

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...

6.5 CVSS · 6.6 AI score · 0.00222 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2024/03/10 12:0 a.m. · 1 views

PT-2024-19690 · Bcc +5

Name of the Vulnerable Software and Affected Versions: bcc (affected versions not specified). Description: The issue arises when kernel headers need to be extracted, and bcc attempts to load them from a temporary directory. An unprivileged attacker could exploit this to force bcc to load compromised...

2.8 CVSS · 6.3 AI score · 0.00068 EPSS
Exploits: 0 · References: 27
seebug.org
added 2007/04/15 12:0 a.m. · 15 views

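CyBoards PHP Lite Default_Header.PHP remote file inclusion vulnerability

CyBoards PHP Lite is a PHP-based web application. CyBoards PHP Lite does not properly filter user-supplied input, and a remote attacker can exploit the vulnerability to execute arbitrary commands with web privileges. The problem is that the 'DefaultHeader.PHP' script lacks filtering of user-supplied web parameters; specifying a file on a remote server as the include parameter can lead to execution of arbitrary commands with web privileges. Cyboards PHP Lite 1.21 No solution is currently available: http://www.gold-sonata.com/index.phtml?content=script/forums&menu=script Coded by bd0rk || SOH-Cr...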

7.1 AI score
Exploits: 0