EUVD-2026-24674
The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hhhtpasswdpath' option and lack of sanitization on the...
CVE-2026-35213
@hapi/content provided HTTP Content- headers parsing. All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition headers contain patterns...
PT-2026-29609
Name of the Vulnerable Software and Affected Versions: AIOHTTP versions prior to 3.13.4. Description: The C parser, used by default in most installations, allowed null bytes and control characters within response headers. An attacker could leverage this to send header values that are interpreted...
AlmaLinux 8 : python3.11 (ALSA-2026:4473)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:4473 advisory. cpython: wsgiref.headers.Headers allows header newline injection in Python (CVE-2026-0865); cpython: IMAP command injection in user-controlled commands...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in AuthorizeDebugRequest function, which handles requests to the HTTP debug endpoints on port 15014. An attacker can gain unauthorized access to protected services by sending requests with multiple header values...
CVE-2025-7760 Reflected XSS in Ofisimo's Association Web Package Flora
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HTTP Headers. This issue affects Association Web Package Flora: from v3.0 through 03022026. NOTE: The...
Ofisimo Flora Cross-Site Scripting Vulnerability
Ofisimo Flora is a website-building script developed by the Turkish company Ofisimo. Ofisimo Flora versions from v3.0 until 03022026 contain a cross-site scripting vulnerability. This vulnerability stems from improper neutralization of input during web page generation, which could allow for cross-site scripting...
Global Interactive Design Media Content Management System Cross-Site Script Vulnerability
Global Interactive Design Media Content Management System is a content management system developed by the Turkish company Global Interactive Design Media. Versions of the Global Interactive Design Media Content Management System prior to version 21072025 contained a cross-site scripting...
PT-2026-3470
HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks...
MiracleLinux 7 : php-5.4.16-48.0.6.el7.AXS7 (AXSA:2025-10014:03)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10014:03 advisory. CVE-2025-1217: fix handling of folded headers by the http stream parser; CVE-2025-1734: fix validation of http headers with missing colon...
UBUNTU-CVE-2026-21428
cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to version 0.30.0, the writeheaders function does not check for CR and LF characters in user-supplied headers, allowing untrusted header values to escape header lines. This vulnerability allows attackers to add...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses on-headers-1.0.2.tgz which is vulnerable to CVE-2025-7339.
Summary: IBM Maximo Application Suite - Monitor Component uses on-headers-1.0.2.tgz which is vulnerable to CVE-2025-7339. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2025-7339. DESCRIPTION: on-headers is a node.js middleware for listening to when...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in on-headers-1.0.2.tgz
Summary: IBM watsonx Orchestrate Developer Edition affected by vulnerability in on-headers-1.0.2.tgz. Vulnerability Details: CVEID: CVE-2025-7339. DESCRIPTION: on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may...
EUVD-2012-4010
Malware in sbrugna...
EUVD-2014-3042
Malware in sbrugna...
EUVD-2022-4678
Malicious code in bioql PyPI...
CVE-2025-8411 XSS in Dokuzsoft Technology's E-Commerce Web Design Product
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology E-Commerce Web Design Product allows XSS Through HTTP Headers. This issue affects E-Commerce Web Design Product: before 11.08.2025...
on-headers is vulnerable to http response header manipulation
Impact: A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Patches: Users should upgrade to 1.1.0. Workarounds: Users are encouraged to upgrade to 1.1.0, but this issue can be worked around by passing an object t...
GHSA-76C9-3JPH-RJ3Q on-headers is vulnerable to http response header manipulation
Impact: A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Patches: Users should upgrade to 1.1.0. Workarounds: Users are encouraged to upgrade to 1.1.0, but this issue can be worked around by passing an object t...
CVE-2025-53094 ESPAsyncWebServer Vulnerable to CRLF Injection in AsyncWebHeader.cpp
ESPAsyncWebServer is an asynchronous HTTP and WebSocket server library for ESP32, ESP8266, RP2040 and RP2350. In versions up to and including 3.7.8, a CRLF (Carriage Return Line Feed) injection vulnerability exists in the construction and output of HTTP headers within AsyncWebHeader.cpp. Unsanitize...