RHEL 8 : nodejs:20 (RHSA-2026:8339)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8339 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
EUVD-2004-0738
Malware in sbrugna...
EUVD-2017-1379
Malware in sbrugna...
EUVD-2017-3819
Malware in sbrugna...
EUVD-2001-0517
Malware in sbrugna...
EUVD-2011-0528
Malware in sbrugna...
EUVD-2020-2831
Malware in sbrugna...
EUVD-2019-2614
Malware in sbrugna...
EUVD-2007-4961
Malware in sbrugna...
EUVD-2007-0004
Malware in sbrugna...
EUVD-2024-3584
Malicious code in bioql PyPI...
EUVD-2022-32611
Malicious code in bioql PyPI...
EUVD-2015-5685
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-1734
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers...
CVE-2024-40686 IBM SmartCloud Analytics - Log Analysis HOST header injection
IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including...
CVE-2025-43931
flask-boilerplate through a170e7c allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header...
CVE-2025-50404
Intelbras RX1500 Router v2.2.17 and before is vulnerable to Integer Overflow. The websReadEvent function incorrectly uses the int type when processing the "command" field of the HTTP header, causing the array to cross the boundary and overwrite other fields in the array...
CVE-2023-0040
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...
CVE-2021-35503
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs...
CVE-2019-14457
VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header...