MiracleLinux 8 : dpdk-21.11-2.el8 (AXSA:2023-4785:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4785:02 advisory. dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs CVE-2022-2132 Tenable has extracted the preceding description block...

CVE-2019-7232

The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler SEH address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to...

EUVD-2010-2074

Malware in sbrugna...

EUVD-2018-18450

Malware in sbrugna...

EUVD-2008-5496

Malware in sbrugna...

EUVD-2011-3304

Malware in sbrugna...

EUVD-2017-9997

Malware in sbrugna...

EUVD-2019-5645

Malware in sbrugna...

EUVD-2002-0282

Malware in sbrugna...

EUVD-2022-4201

Malicious code in bioql PyPI...

EUVD-2022-1607

Malicious code in bioql PyPI...

📄 Node.JS 4.1.1 Directory Listing

Node.JS versions 4.1.1 and below suffer from a Range header issue that results in a directory listing. !/bin/bash Exploit Title: Node.JS -u \n" exit else echo -e "\n+ TARGET: $TARGET$URI\n" curl -s -H "Range: 99999" $TARGET$URI | html2text | sed '1d;$d' fi...

CVE-2025-48074 OpenEXR's Unbounded File Header Values can Lead to Out-Of-Memory Errors

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...

CVE-2018-7717

The htmlImageAddTitleAttribute function in sige.php in the Kubik-Rubik Simple Image Gallery Extended SIGE extension 3.2.3 for Joomla! has XSS via a crafted image header, as demonstrated by the Caption-Abstract header object in a JPEG file. This is fixed in 3.3.1...

CVE-2025-2833 zhangyd-c OneBlog HTTP Header redos

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch th...

The vulnerability of TP-Link TL-WR840N router’s microprogramming software, related to deficiencies in authentication procedures, allows attackers to circumvent existing security restrictions.

The vulnerability of TP-Link TL-WR840N router’s microprogramming software is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions by sending a specially crafted request with the Referer header set...

The vulnerability of TP-Link Archer c20 router’s microprogramming software, related to deficiencies in authentication procedures, allows attackers to circumvent existing security restrictions.

The vulnerability of TP-Link Archer c20 router’s microprogramming software is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions by adding the parameter “Referer: http://tplinkwifi.net” to the...

@octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long sequence of spaces followed by a newline and "@", an attacker can exploit inefficient regular expression processin...

Royal Elementor Addons < 1.3.95 - Unauthenticated IP Spoofing

Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to IP Address Spoofing due to insufficient IP address validation. This makes it possible for unauthenticated attackers to spoof their IP addresses. Set any of the following server headers as used in getclienti...

CVE-2023-34036 Forwarded header exploit with Spring HATEOAS on WebFlux

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle and possibly discard...