27 matches found
CVE-2026-23242
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL pointer dereference in header processing. If siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(), qp->rx_fpdu can be NULL. The error path in siw_tcp_rx_data() dereferences qp->rx_fpdu->more_ddp_segs without checking...
CVE-2026-23242
CVE-2026-23242 affects the Linux kernel RDMA/siw header processing: siw_tcp_rx_data may dereference a NULL qp->rx_fpdu if siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(). The fix adds a NULL check for rx_fpdu before accessing more_ddp_segs, preventing the NULL pointer dereference. P...
EUVD-2024-32370
Malicious code in bioql PyPI...
EUVD-2025-31087
Malicious code in bioql PyPI...
CVE-2025-10944
A weakness has been identified in yi-ge get-header-ip up to 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15. This issue affects the function ip of the file ip.php. This manipulation of the argument callback causes cross site scripting. The attack may be initiated remotely. This product uses a rolling...
CVE-2025-10944
The CVE-2025-10944 entry concerns yi-ge get-header-ip:ip.php, where the callback argument in the ip function can be manipulated to trigger cross-site scripting. Affected versions are those prior to 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15. The weakness can be exploited remotely via network access...
CVE-2025-10944 yi-ge get-header-ip ip.php cross site scripting
A weakness has been identified in yi-ge get-header-ip up to 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15. This issue affects the function ip of the file ip.php. This manipulation of the argument callback causes cross site scripting. The attack may be initiated remotely. This product uses a rolling...
PT-2025-39366
Name of the Vulnerable Software and Affected Versions: yi-ge get-header-ip versions prior to 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15 Description: A cross-site scripting issue exists due to manipulation of the callback argument within the ip function of the ip.php file. This allows for remote...
get-header-ip code injection vulnerability
get-header-ip is an interface for Yige Personal Developer to get client IP address. A code injection vulnerability exists in get-header-ip 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15 and earlier versions, which stems from incorrect manipulation of the callback parameter of the function ip in the fil...
CVE-2023-4140
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'getheadervalues' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the...
CVE-2024-3798
Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reache...
CVE-2024-3801
Sites managed in S@M CMS Concept Intermedia might be vulnerable to Reflected XSS via including scripts in one of GET header parameters. Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue appears...
PT-2023-27940 · WordPress · Wp Ultimate Csv Importer
Name of the Vulnerable Software and Affected Versions: WP Ultimate CSV Importer plugin for WordPress versions up to, and including, 7.9.8 Description: The issue is related to privilege escalation due to insufficient restriction on the get header values function. This allows authenticated attacker...
WordPress plugin WP Ultimate CSV Importer Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
SUSE CVE-2004-0234
Multiple stack-based buffer overflows in the getheader function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testi...
SUSE CVE-2004-1285
Buffer overflow in the getheader function in asfmmststreaming.c for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a crafted ASF video stream...
PT-2022-36764 · Git +1 · Opensis
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap buffer overflow error, specifically a READ 1 type crash. The crash occurs in the following functions: parse content length...
OESA-2022-1853 rsync security update
Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...