17 matches found

Tenable Nessus
added 2026/04/22 12:0 a.m. | 3 views

SUSE SLES15 Security Update : nodejs22 (SUSE-SU-2026:1509-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1509-1 advisory. Update to version 22.22.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism...

CVSS 7.5 | AI score 6.8 | EPSS 0.00056
Exploits: 0 | References: 22

GithubExploit
added 2026/04/13 6:26 p.m. | 74 views

auditor-v1

🔐 Web Security Auditor v2.0 Mini BurpSuite / OWASP ZAP hech...

AI score 5.9
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-8653

Malware in sbrugna...

CVSS 6.5 | AI score 6.5 | EPSS 0.00211
Exploits: 0 | References: 2

NVD
added 2025/07/17 4:15 p.m. | 3 views

CVE-2025-7339

on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions <1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Users should upgrade to version 1.1.0 to receive a patch. Uses are...

CVSS 3.4 | EPSS 0.00036
Exploits: 0 | References: 5

NVD
added 2025/06/27 8:15 p.m. | 6 views

CVE-2025-53094

ESPAsyncWebServer is an asynchronous HTTP and WebSocket server library for ESP32, ESP8266, RP2040 and RP2350. In versions up to and including 3.7.8, a CRLF (Carriage Return Line Feed) injection vulnerability exists in the construction and output of HTTP headers within AsyncWebHeader.cpp. Unsanitize...

CVSS 8.7 | EPSS 0.00331
Exploits: 0 | References: 3

NVD
added 2025/06/03 6:15 p.m. | 15 views

CVE-2025-30360

webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when you access a malicious web site with non-Chromium based browser. The Origin header is checked to prevent Cross-si...

CVSS 6.5 | EPSS 0.00039
Exploits: 1 | References: 4

NVD
added 2025/05/30 7:15 a.m. | 8 views

CVE-2025-48865

Fabio is an HTTPS and TCP router for deploying applications managed by consul. Prior to version 1.6.6, Fabio allows clients to remove X-Forwarded headers except X-Forwarded-For due to a vulnerability in how it processes hop-by-hop headers. Fabio adds HTTP headers like X-Forwarded-Host and...

CVSS 9.1 | EPSS 0.00166
Exploits: 1 | References: 3

Vulnrichment
added 2025/05/30 6:14 a.m. | 7 views

CVE-2025-48865 Fabio allows HTTP clients to manipulate custom headers it adds

Fabio is an HTTPS and TCP router for deploying applications managed by consul. Prior to version 1.6.6, Fabio allows clients to remove X-Forwarded headers except X-Forwarded-For due to a vulnerability in how it processes hop-by-hop headers. Fabio adds HTTP headers like X-Forwarded-Host and...

CVSS 9.1 | AI score 9.3 | EPSS 0.00166
Exploits: 1 | References: 3

Tenable Nessus
added 2025/03/05 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-45289

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive heade...

CVSS 4.3 | AI score 6.8 | EPSS 0.00615
Exploits: 0 | References: 4

Tenable Nessus
added 2024/11/20 12:0 a.m. | 2 views

HTTP Hop-By-Hop Headers Detected

This is an informational plugin to inform the user that the scanner detected that the target application handles specific HTTP headers as hop-by-hop headers. No source data...

AI score 7.2
Exploits: 0 | References: 2

UbuntuCve
added 2024/11/01 12:0 a.m. | 8 views

CVE-2024-21510

Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into...

CVSS 5.4 | AI score 6.8 | EPSS 0.00209
Exploits: 0 | References: 4

Cvelist
added 2024/09/19 10:51 p.m. | 422 views

CVE-2024-45410 HTTP client can remove the X-Forwarded headers in Traefik

Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modif...

CVSS 9.8 | EPSS 0.13949
Exploits: 0 | References: 3

Veracode
added 2024/08/30 2:25 p.m. | 6 views

IP Address Spoofing

serilog.enrichers.clientinfo is vulnerable to IP Spoofing. The vulnerability is caused due to a failure to validate IP address specified in X-Forwarded-For or Client-Ip headers. This allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or...

CVSS 6.5 | AI score 6.7 | EPSS 0.00673
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2024/06/04 3:11 a.m. | 7 views

OPENSUSE-SU-2024:0150-2 Security update for libhtp

This update for libhtp fixes the following issues: - CVE-2024-23837: excessive processing time of HTTP headers can lead to denial of service (boo#1220403)...

CVSS 7.5 | AI score 6.6 | EPSS 0.00269
Exploits: 1 | References: 3

OSV
added 2021/05/26 12:5 p.m. | 6 views

OPENSUSE-SU-2021:0796-1 Security update for python-httplib2

This update for python-httplib2 contains the following fixes: Security fixes included in this update: - CVE-2021-21240: Fixed a regular expression denial of service via malicious header (bsc#1182053). - CVE-2020-11078: Fixed an issue where an attacker could change request headers and body (bsc#1171998)...

CVSS 7.5 | AI score 7.1 | EPSS 0.03277
Exploits: 1 | References: 5

OSV
added 2005/02/07 5:0 a.m. | 5 views

CVE-2005-0174

Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing...

AI score 6.4
Exploits: 0 | References: 14

CERT
added 2002/06/05 12:0 a.m. | 28 views

Microsoft Exchange 2000 exhausts server resources while attempting to process malformed mail attributes

Overview: Microsoft Exchange 2000 contains a vulnerability that allows remote attackers to conduct a denial-of-service attack that once begun, cannot be stopped until the crafted message has been completely processed.
Description: Microsoft Exchange 2000 contains a vulnerability in its handling of...

CVSS 5 | AI score 6.1 | EPSS 0.25765
Exploits: 0 | References: 3