
88 matches found

Positive Technologies
added 2026/06/18 12:0 a.m. | 11 views

PT-2026-50734

Name of the Vulnerable Software and Affected Versions: http-proxy-middleware versions 0.16.0 through 2.0.9; http-proxy-middleware versions 3.0.0 through 3.0.5; http-proxy-middleware versions 4.0.0 through 4.0.9. Description: An issue exists in the router proxy-table implementation where host+path...

CVSS 6.9 | AI score 5.9 | EPSS 0.0034
Exploits: 1 | References: 4
SUSE Linux
added 2026/06/09 7:58 a.m. | 7 views

Security update for perl-Protocol-HTTP2

This update for perl-Protocol-HTTP2 fixes the following issue: CVE-2026-10725: denial of service due to absence of inbound HPACK header-list size limit, HTTP/2 Bomb attack (bsc1267857). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdat...

CVSS 7.5 | AI score 5.4 | EPSS 0.00414
Exploits: 0 | References: 4
Snyk
added 2026/05/20 3:46 p.m. | 13 views

Insecure Default Initialization of Resource

Overview: thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the hasValidToken function. An attacker can gain unauthorized access to create and modify FAQ entries,...

CVSS 8.7 | AI score 5.8 | EPSS 0.00384
Exploits: 0 | References: 2
IBM Security Bulletins
added 2026/04/23 11:3 a.m. | 11 views

Security Bulletin: Vulnerability in libsoup affects IBM Netezza Appliance

Summary: The libsoup package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE: CVE-2025-14523. Vulnerability Details: CVEID: CVE-2025-14523. DESCRIPTION: A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last...

CVSS 8.2 | AI score 5.8 | EPSS 0.00496
Exploits: 0 | Affected Software: 1
RedHat Linux
added 2026/04/13 6:36 p.m. | 2 views

Important: Red Hat Security Advisory: nodejs:20 security update

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 8.7 | AI score 6.8 | EPSS 0.13066
Exploits: 2 | References: 6
Rosalinux
added 2026/03/15 6:5 p.m. | 8 views

Advisory ROSA-SA-2026-3208

Software: webmin 2.520 WASP: ROSA-CHROME unaffected versions = webmin-2.520-1 affected versions webmin-2.520-1 CVE-ID: CVE-2025-61541 BDU-ID: 2025-14429 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the getwebminemailurl function of the Webmin hosting control panel is related to access delimitatio...

CVSS 7.1 | AI score 5.7 | EPSS 0.00416
Exploits: 1
EUVD
added 2026/02/26 9:30 a.m. | 8 views

EUVD-2026-8842

An HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

CVSS 5.3 | AI score 5.6 | EPSS 0.00207
Exploits: 0 | References: 2
NVD
added 2026/02/26 8:16 a.m. | 12 views

CVE-2026-1698

An HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

CVSS 6.1 | EPSS 0.00207
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/26 7:58 a.m. | 6 views

CVE-2026-1698

An HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

CVSS 6.1 | AI score 5.5 | EPSS 0.00207
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/02/26 12:0 a.m. | 9 views

PT-2026-22130

Name of the Vulnerable Software and Affected Versions: PcVue WebClient and WebScheduler versions 15.0.0 through 16.3.3. Description: An HTTP Host header attack affects the WebClient and WebScheduler web apps, potentially allowing a remote attacker to inject harmful payloads and manipulate server-side...

CVSS 6.1 | AI score 5.8 | EPSS 0.00207
Exploits: 0 | References: 6
CVE
added 2026/02/09 3:35 a.m. | 10 views

CVE-2025-66596

CVE-2025-66596 affects Yokogawa FAST/TOOLS. The issue is improper validation of request headers, where an attacker providing an invalid Host header can cause users to be redirected to malicious sites. Affected FAST/TOOLS packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB, across versions R9.01 to R1...

CVSS 6.9 | AI score 5.3 | EPSS 0.00153
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2026/01/09 5:15 p.m. | 8 views

CVE-2026-22198

GestSup versions prior to 3.2.60 contain a pre-authentication stored cross-site scripting (XSS) vulnerability in the API error logging functionality. By sending an API request with a crafted X-API-KEY header value (for example, to /api/v1/ticket.php), an unauthenticated attacker can cause...

CVSS 6.1 | EPSS 0.00258
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/09 9:4 a.m. | 5 views

CVE-2024-41801

OpenProject is open source project management software. Prior to version 14.3.0, using a forged HOST header in the default configuration of packaged installations and using the "Login required" setting, an attacker could redirect to a remote host to initiate a phishing attack against an OpenProje...

CVSS 6.1 | AI score 6.9 | EPSS 0.00318
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/19 12:0 a.m. | 5 views

PT-2025-52528

Name of the Vulnerable Software and Affected Versions: LDAP Tool Box Self Service Password version 1.5.2. Description: The software contains a password reset issue where attackers can manipulate HTTP Host headers during token generation. This allows crafting malicious password reset requests that...

CVSS 8.6 | AI score 6.6 | EPSS 0.00349
Exploits: 0 | References: 7
Tenable Nessus
added 2025/12/18 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-14874

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the...

CVSS 7.5 | AI score 6.8 | EPSS 0.00409
Exploits: 1 | References: 3
Positive Technologies
added 2025/12/04 12:0 a.m. | 8 views

PT-2025-49169

Name of the Vulnerable Software and Affected Versions: LaraDashboard versions prior to 2.3.0. Description: LaraDashboard, an all-in-one solution for starting a Laravel Application, has an issue in the password reset flow where it trusts the Host header. This allows attackers to redirect an...

CVSS 9.8 | AI score 7.2 | EPSS 0.00345
Exploits: 0 | References: 8
Redos
added 2025/11/13 12:0 a.m. | 5 views

ROS-20251113-02

The Webmin hosting control panel vulnerability involves manipulating the Host header to inject a malicious domain into a password reset email. Exploitation of the vulnerability could allow an attacker acting remotely to intercept the password reset...

CVSS 7.1 | AI score 7.1 | EPSS 0.00416
Exploits: 1
Tenable Nessus
added 2025/10/29 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-62727

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1, an unauthenticated attacker can send a crafted HTTP...

CVSS 7.5 | AI score 6.4 | EPSS 0.00638
Exploits: 0 | References: 2
GithubExploit
added 2025/10/28 8:7 a.m. | 152 views

Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4j2-BugMaker CVE-2021-44228 Log4Shell Vulnerability Dem...

CVSS 10 | AI score 7.8 | EPSS 0.99999
Exploits: 347
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2012-2759

Malware in sbrugna...

CVSS 10 | AI score 9.2 | EPSS 0.02932
Exploits: 0 | References: 13