25 matches found

Nuclei
added yesterday, 39 views

Cherokee HTTPD <=0.5 - Cross-Site Scripting

Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated. id: CVE-2006-1681 info:...

CVSS 4.3, AI score 6, EPSS 0.06643
Exploits 1, References 4
Positive Technologies
added 2026/03/18 12:0 a.m., 5 views

PT-2026-26187

Impact: This is an Improper Error Handling vulnerability with Information Exposure implications. Security Impact: The UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leaks intern...

CVSS 6.9, AI score 5.8, EPSS 0.00282
Exploits 1, References 10
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-3088

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.3, EPSS 0.00286
Exploits 0, References 5
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-12611

Malicious code in bioql PyPI...

CVSS 3.3, AI score 6.5, EPSS 0.00137
Exploits 0, References 2
RedhatCVE
added 2025/05/23 6:15 a.m., 5 views

CVE-2024-46995

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue...

CVSS 6.1, AI score 6.1, EPSS 0.00286
Exploits 0, References 1
NVD
added 2024/10/24 7:15 p.m., 14 views

CVE-2024-46995

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue...

CVSS 6.1, EPSS 0.00286
Exploits 0, References 2
Vulnrichment
added 2024/10/24 6:31 p.m., 19 views

CVE-2024-46995 baserCMS has Cross-site Scripting Vulnerability in HTTP 400 Bad Request

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue...

CVSS 6.1, AI score 6.2, EPSS 0.00286
Exploits 0, References 2
CVE
added 2024/10/24 6:31 p.m., 50 views

CVE-2024-46995

CVE-2024-46995 affects baserCMS prior to 5.1.2, with a cross-site scripting (XSS) vulnerability exposed via HTTP 400 Bad Request responses. The issue is fixed in 5.1.2 (and later), with advisories indicating upgrade to 5.1.3 or newer as a remediation path. Exploitation details are not provided in...

CVSS 6.1, AI score 5.9, EPSS 0.00286
Exploits 0, References 2, Affected Software 1
OSV
added 2024/10/24 6:31 p.m., 8 views

CVE-2024-46995 baserCMS has Cross-site Scripting Vulnerability in HTTP 400 Bad Request

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue...

CVSS 6.1, AI score 5.9, EPSS 0.00286
Exploits 0, References 4
Cvelist
added 2024/10/24 6:31 p.m., 17 views

CVE-2024-46995 baserCMS has Cross-site Scripting Vulnerability in HTTP 400 Bad Request

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue...

CVSS 6.1, EPSS 0.00286
Exploits 0, References 2
OSV
added 2024/10/24 5:44 p.m., 11 views

GHSA-MR7Q-FV7J-JCGV baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request

XSS vulnerability in HTTP 400 Bad Request to baserCMS. Target: baserCMS 5.1.1 and earlier versions. Vulnerability: Malicious code may be executed in HTTP 400 Bad Request. Countermeasures: Update to the latest version of baserCMS. Please refer to the following page to reference for more information...

CVSS 6.1, AI score 6.3, EPSS 0.00286
Exploits 0, References 5
Github Security Blog
added 2024/10/24 5:44 p.m., 14 views

baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request

XSS vulnerability in HTTP 400 Bad Request to baserCMS. Target: baserCMS 5.1.1 and earlier versions. Vulnerability: Malicious code may be executed in HTTP 400 Bad Request. Countermeasures: Update to the latest version of baserCMS. Please refer to the following page to reference for more information...

CVSS 6.1, AI score 6.3, EPSS 0.00286
Exploits 0, References 5, Affected Software 1
OSV
added 2023/06/28 10:49 p.m., 29 views

GHSA-HR9R-8PHQ-5X8J OpenFGA vulnerable to denial of service due to circular relationship

Overview: OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when certain Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Am I Affected? You are affected by this vulnerability if you are using OpenFGA v1.1.0 or...

CVSS 5.9, AI score 6.4, EPSS 0.00919
Exploits 1, References 6
Github Security Blog
added 2023/06/28 10:49 p.m., 33 views

OpenFGA vulnerable to denial of service due to circular relationship

Overview: OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when certain Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Am I Affected? You are affected by this vulnerability if you are using OpenFGA v1.1.0 or...

CVSS 7.5, AI score 6.3, EPSS 0.00919
Exploits 1, References 6, Affected Software 1
Prion
added 2020/09/16 3:15 p.m., 17 views

Design/Logic Flaw

The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230 as it returns a 200 instead of a 400...

CVSS 5, AI score 6.9, EPSS 0.0119
Exploits 0, References 1, Affected Software 2
Hacker One
added 2018/05/11 12:42 p.m., 60 views

HackerOne: Information disclosure

Summary: Chaining few simple informative issues on HackerOne platform and applying new method of timing attack, exploiting interesting feature in HTML5 https://developer.mozilla.org/en-US/docs/Web/API/ResourceTimingAPI/UsingtheResourceTimingAPI more precise Copy with CORSwe can perform low cost,...

AI score 7
Exploits 0
RedHat Linux
added 2017/04/12 3:2 p.m., 100 views

Moderate: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.5, AI score 7, EPSS 0.39633
Exploits 5, References 3
Debian
added 2017/02/22 4:14 p.m., 10 views

[SECURITY] [DSA 3788-2] tomcat8 regression update

Debian Security Advisory DSA-3788-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 22, 2017 https://www.debian.org/security/faq ...

AI score 1
Exploits 0
Debian
added 2017/02/22 4:14 p.m., 8 views

[SECURITY] [DSA 3787-2] tomcat7 regression update

Debian Security Advisory DSA-3787-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 22, 2017 https://www.debian.org/security/faq ...

AI score 6.8
Exploits 0
Tenable Nessus
added 2012/02/02 12:0 a.m., 146 views

Apache HTTP Server httpOnly Cookie Information Disclosure

The version of Apache HTTP Server running on the remote host is affected by an information disclosure vulnerability. Sending a request with HTTP headers long enough to exceed the server limit causes the web server to respond with an HTTP 400. By default, the offending HTTP header and value are...

CVSS 4.3, AI score 6.5, EPSS 0.82756
Exploits 4, References 5