CVE-2026-45307

Speakr is a personal, self-hosted web application designed for transcribing audio recordings. Prior to 0.8.20-alpha, the issafeurl helper used to validate post-login redirect targets applied urljoinrequest.hosturl, target before parsing, while the controller passed the raw target to redirect. A...

Devise 输入验证错误漏洞

Devise is an open-source authentication solution based on Warden, developed by heartcombo. Versions of Devise prior to 5.0.3 contained a vulnerability related to input validation. This vulnerability stemmed from the FailureAppredirecturl method returning an unvalidated HTTP Referer header, which...

Exploit for Server-Side Request Forgery in Vercel Next.Js

CVE-2024-34351 Demo Minimal Next.js 14.0.0 application for de...

Linux Distros Unpatched Vulnerability : CVE-2026-29181

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value...

CVE-2026-34525

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...

SUSE CVE-2026-33249

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and prior to versions 2.11.15 and 2.12.6, a valid client which uses message tracing headers can indicate that the trace messages can be sent to an arbitrary valid subject,...

Huawei EulerOS: Security Advisory for libsoup (EulerOS-SA-2026-1402)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libsoup (EulerOS-SA-2026-1316)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libsoup (EulerOS-SA-2026-1342)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Flask 安全漏洞

Flask is a Python micro-framework developed by Pallets, used for building web applications. Versions of Flask prior to 3.1.2 have a security vulnerability caused by an improper setting of the Vary header when accessing session objects. This vulnerability may lead to the use of cache containing...

MiracleLinux 7 : php-5.4.16-48.0.10.el7.AXS7 (AXSA:2025-10839:09)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10839:09 advisory. CVE-2025-1736: fix incorrect validation of CRLF in http headers CVEs: CVE-2025-1736 In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. befor...

CVE-2025-12543

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without...

CVE-2025-12543

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without...

Linux Distros Unpatched Vulnerability : CVE-2025-12543

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly...

ROS-20251106-03

A vulnerability in the Rack module interface of the Ruby programming language interpreter is related to incorrect header processing in "Rack::Sendfile". header processing in "Rack::Sendfile". Exploitation of the vulnerability could allow an attacker, acting remotely, to gain access to potentially...

CVE-2025-62276

The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control heade...

EUVD-2021-33997

Malicious code in bioql PyPI...

EUVD-2025-25216

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-50305

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users ar...

Linux Distros Unpatched Vulnerability : CVE-2024-7868

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Xpdf 4.05 and earlier, invalid header info in a DCT JPEG stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file cause...