6 matches found
CVE-2025-66035
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is an XSRF token leakage via protocol-relative URLs in Angular HTTP clients. The vulnerability is a Credential...
EUVD-2023-32977
Malicious code in bioql PyPI...
Azure Linux 3.0 Security Update: libsoup (CVE-2025-4476)
The version of libsoup installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4476 advisory. - A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be...
CVE-2025-22149 JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...
CVE-2014-7143
Python Twisted 14.0 trustRoot is not respected in HTTP client...
MGASA-2015-0212 Updated async-http-client packages fix security vulnerabilities
Updated async-http-client packages fix security vulnerabilities: It was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also uses client certificates. This can be exploited by a Man-in-the-middle (MITM) attack...