Lucene search

12 matches found

Snyk
added 2026/04/03 10:1 p.m. · 2 views

Not Failing Securely ('Failing Open')

Overview: fast-jwt is a Fast JSON Web Token implementation. Affected versions of this package are vulnerable to Not Failing Securely ('Failing Open') due to improper validation of the crit header parameter. An attacker can bypass intended authorization policies by crafting a signed token with unknown...

8.7 CVSS · 5.9 AI score · 0.00029 EPSS
Exploits 1 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2008-2198

Malware in sbrugna...

4.3 CVSS · 6.4 AI score · 0.00329 EPSS
Exploits 0 · References 6
NVD
added 2025/09/22 6:15 p.m. · 1 views

CVE-2025-59420

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib’s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical...

7.5 CVSS · 0.00011 EPSS
Exploits 1 · References 3
RedHat Linux
added 2025/01/30 4:24 p.m. · 4 views

libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict

A flaw was found in the libsoup library. Decoding specially crafted UTF-8 input data with the soup_header_parse_param_list_strict function can cause a heap-based buffer overflow, potentially resulting in code execution and denial of service to applications linked to the library...

8.4 CVSS · 6.2 AI score · 0.0015 EPSS
Exploits 1 · References 6
NVD
added 2024/06/28 1:15 p.m. · 8 views

CVE-2024-3801

Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in one of GET header parameters. Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue appears...

6.1 CVSS · 0.00528 EPSS
Exploits 0 · References 2
OSV
added 2022/11/11 11:4 a.m. · 4 views

OESA-2022-2073 ganglia security update

Ganglia is a scalable, real-time monitoring and execution environment with all execution requests and statistics expressed in an open well-defined XML format. Security Fixes: ganglia-web aka Ganglia Web Frontend through 3.7.5 allows XSS via the header.php ce parameter. CVE-2019-20378 ganglia-web a...

6.1 CVSS · 6.5 AI score · 0.00354 EPSS
Exploits 2 · References 3
OSV
added 2021/08/02 12:15 p.m. · 0 views

CVE-2021-37216

QSAN Storage Manager header page parameters do not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data...

6.1 CVSS · 5.8 AI score
Exploits 0 · References 1
Positive Technologies
added 2021/04/28 12:0 a.m. · 1 views

PT-2021-2791 · Cisco · Cisco Ftd +5

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense (FTD) versions: affected versions not specified; Cisco Catalyst versions: affected versions not specified; Cisco ISR versions: affected versions not specified; Cisco ISA versions: affected versions not specified; Cisco IS...

8.6 CVSS · 5.7 AI score · 0.03416 EPSS
Exploits 0 · References 38
OSV
added 2020/04/12 2:15 p.m. · 0 views

UBUNTU-CVE-2020-11709

cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts...

7.5 CVSS · 7.3 AI score · 0.00401 EPSS
Exploits 1 · References 4
NVD
added 2008/05/14 5:20 p.m. · 7 views

CVE-2008-2204

Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Search 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9) header9 parameters...

4.3 CVSS · 5.8 AI score · 0.00254 EPSS
Exploits 0 · References 3
Cvelist
added 2008/05/14 5:0 p.m. · 14 views

CVE-2008-2204

Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Search 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9) header9 parameters...

5.8 AI score · 0.00254 EPSS
Exploits 0 · References 3
securityvulns
added 2005/09/10 12:0 a.m. · 26 views

Zebedee encrypted tunnel server DoS

Some internal protocol header parameters lead to assert in server application...

2.3 AI score
Exploits 0 · References 1 · Affected Software 1