245 matches found
Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash
A denial-of-service vulnerability due to improper input validation allows a remote attacker to crash the service via a malformed HTTP header. Allows crashing the process with data coming from the network when used with, for example, an HTTP server. Most common way of using Swift W3C Trace Context...
CVE-2026-0865 wsgiref.headers.Headers allows header newline injection
User-controlled header names and values containing newlines can allow injecting HTTP headers...
CVE-2022-31746
Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS 102...
Important: python-tornado
Issue Overview: Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can ...
WordPress Advanced iFrame plugin <= 2024.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Host Header vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Host Header vulnerability discovered by omstaendlig in WordPress Plugin Advanced iFrame versions = 2024.5...
SUSE CVE-2025-66577
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can supply X-Forwarded-For or X-Real-IP headers which...
CVE-2025-67494
ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI V2 treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This...
cpp-httplib 安全漏洞
cpp-httplib is an HTTP/HTTPS server and client library written in C++ by the individual developer yhirose. A security vulnerability exists in cpp-httplib versions prior to 0.27.0, which stems from an attacker-controllable HTTP header that affects server-visible metadata, logging, and authorizatio...
PT-2025-44644
Name of the Vulnerable Software and Affected Versions Totolink LR350 version 9.3.5u.6369 B20220309 Description The software contains a stack overflow issue via the http host parameter in the sub 426EF8 function. A crafted request can cause a Denial of Service DoS. The vulnerable parameter is http...
PT-2025-44357
Name of the Vulnerable Software and Affected Versions Drupal Reverse Proxy Header versions prior to 1.1.2 Description An improper validation of consistency within input exists in Drupal Reverse Proxy Header, allowing manipulation of user-controlled variables. Recommendations Update to version 1.1...
HTTP Request Smuggling
Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to HTTP Request Smuggling via the CORS middleware, which copies the Vary header from the request to the response when the origin is not set to "". An attacker can influence cache behavior or...
CVE-2025-52630 HCL AION is susceptible to Missing or insecure "X-Content-Type-Options" header vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0...
EUVD-2011-0528
Malware in sbrugna...
EUVD-2020-2831
Malware in sbrugna...
EUVD-2001-0803
Malware in sbrugna...
EUVD-2001-0517
Malware in sbrugna...
EUVD-2007-4961
Malware in sbrugna...
EUVD-2017-3819
Malware in sbrugna...
EUVD-2019-16776
Malware in sbrugna...
EUVD-2009-2995
Malware in sbrugna...