EUVD-2017-0306
Malware in sbrugna...
EUVD-2019-16190
Malware in sbrugna...
EUVD-2022-2563
Malicious code in bioql PyPI...
EUVD-2023-54318
Malicious code in bioql PyPI...
CVE-2025-8129
CVE-2025-8129 affects Koa (Koa up to v3.0.0). The vulnerability lies in lib/response.js where manipulation of Referrer can trigger an open redirect. Exploitation is remote and the exploit has been disclosed publicly. Remediation per public sources is to upgrade Koa to a version that contains the ...
CVE-2025-7339 on-headers vulnerable to http response header manipulation
on-headers is a Node.js middleware for listening to when a response writes headers. A bug in on-headers versions < 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Users should upgrade to version 1.1.0 to receive a patch. Users are...
CVE-2022-22831
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header...
CVE-2019-6631
On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs...
CVE-2025-2950
IBM i (versions 7.3, 7.4, 7.5, and 7.6) is affected by a host header injection vulnerability due to improper neutralization of HTTP header content in IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to alter the domain/IP, potentially causing unexpected b...
PT-2025-17301 · Ibm · Ibm I +1
Name of the Vulnerable Software and Affected Versions: IBM i versions 7.3 through 7.5. Description: The issue is caused by improper neutralization of HTTP header content by IBM Navigator for i, allowing an authenticated user to manipulate the host header in HTTP requests. This can lead to changing...
CVE-2025-2833
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. An unknown function of the HTTP Header Handler component is affected. Manipulation of the X-Forwarded-For argument leads to inefficient regular expression complexity. It is possible to launch th...
CVE-2025-25198
mailcow: dockerized is an open source groupware/email suite based on docker. Prior to version 2025-01a, a vulnerability in mailcow's password reset functionality allows an attacker to manipulate the Host HTTP header to generate a password reset link pointing to an attacker-controlled domain. This...
CVE-2023-28362
The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...
CVE-2024-12988 Netgear R6900P/R7000P HTTP Header sub_16C4C buffer overflow
A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub_16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The...
CVE-2024-7207
...
K23860356: TMM vulnerability CVE-2019-6660
Security Advisory Description: iRules performing HTTP header manipulation may cause a denial-of-service (DoS) when processing traffic handled by a virtual server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs. (CVE-2019-6660) Impact: The...
CVE-2023-0040
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...
Contest Gallery < 19.1.5.1 - Unauthenticated SQL Injection
The plugin does not escape the userid POST parameter before concatenating it to an SQL query in ajax-functions-backend.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php HTTP/1.1 Host:...
CVE-2022-35411
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON, not Pickle, is the default data format, an unauthenticated client can cause the data to be processed with unpickle...
Host Header Injection
craftcms/cms is vulnerable to host header injection. The vulnerability exists due to the lack of validation of the password reset token in the processInvalidToken function of UsersController.php, allowing an attacker with valid email addresses or account names to manipulate the password reset...