3709 matches found

CNNVD
added 2025/03/27 12:0 a.m., 3 views

Shopify Pitchfork Injection Vulnerability

Shopify Pitchfork is a preforked HTTP server for a Rack application from Shopify Canada. An injection vulnerability exists in Shopify Pitchfork versions prior to 0.11.0 that stems from HTTP response header injection when used in conjunction with Rack 3...

CVSS 4.3, AI score 4.9, EPSS 0.0025
Exploits 0, References 3
IBM Security Bulletins
added 2025/03/26 2:47 a.m., 47 views

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related IBM WebSphere Application Server Liberty and FasterXML jackson-databind

Summary Vulnerabilities in IBM WebSphere Application Server Liberty and FasterXML jackson-databind such as HTTP header injection, identity spoofing, denial of service may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0...

CVSS 8.8, AI score 6.9, EPSS 0.02824
Exploits 3, Affected Software 1
Ubuntu
added 2025/03/26 2:44 a.m., 5 views

USN-7372-1: Varnish vulnerability

Martin van Kervel Smedshammer discovered that Varnish did not properly sanitize certain HTTP headers. A remote attacker could possibly use this issue to perform a cross-site request forgery (CSRF) attack...

CVSS 7.5, AI score 7.4, EPSS 0.00928
Exploits 0
IBM Security Bulletins
added 2025/03/26 2:29 a.m., 119 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.

Summary IBM Robotic Process Automation is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Vulnerability Details CVEID:CVE-2022-41292 DESCRIPTION: IBM Robotic Process Automation is vulnerable to HTTP header injection, caused by improper validation o...

AI score 6.2
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2025/03/26 2:14 a.m., 44 views

Security Bulletin: IBM Aspera Faspex 5.0.0/5.0.1 affected by vulnerability (CVE-2022-22399)

Summary This security bulletin addresses an HTTP header injection vulnerability that has been remediated in IBM Aspera Faspex 5.0.2. Vulnerability Details CVEID:CVE-2022-22399 DESCRIPTION: IBM Aspera Faspex 5 is vulnerable to HTTP header injection, caused by improper validation of input by the HO...

CVSS 6.5, AI score 5.9, EPSS 0.00369
Exploits 0, Affected Software 1
NVD
added 2025/03/17 3:15 a.m., 15 views

CVE-2025-2358

A vulnerability was found in Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Kfxt/Service.asmx of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For lead...

CVSS 6.5, EPSS 0.00261
Exploits 0, References 4
CVE
added 2025/03/17 3:0 a.m., 66 views

CVE-2025-2358

CVE-2025-2358 affects Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System 1.0. The vulnerability is an SQL injection in the HTTP Header Handler, triggered by manipulating the X-Forwarded-For argument in requests to /Kfxt/Service.asmx. It is described as remotely exploitable and has...

CVSS 6.5, AI score 6.8, EPSS 0.00261
Exploits 0, References 4
Cvelist
added 2025/03/17 3:0 a.m., 16 views

CVE-2025-2358 Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System HTTP Header Service.asmx sql injection

A vulnerability was found in Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Kfxt/Service.asmx of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For lead...

CVSS 6.5, EPSS 0.00261
Exploits 0, References 4
BDU FSTEC
added 2025/03/17 12:0 a.m., 2 views

The vulnerability of the PHP programming language interpreter, related to deficiencies in handling HTTP request headers, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the PHP programming language interpreter is related to deficiencies in the processing of HTTP request headers. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests (a type of HTTP Request Smuggling attack)...

CVSS 5, AI score 6.4, EPSS 0.00496
Exploits 1, References 10, Affected Software 3
IBM Security Bulletins
added 2025/03/13 11:21 p.m., 12 views

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to HTTP header injection due to the Django package (CVE-2021-32052)

Summary Django is used by IBM DataStage on Cloud Pak for Data as part of server processing. Vulnerability Details CVEID:CVE-2021-32052 DESCRIPTION: Django is vulnerable to HTTP header injection, caused by improper validation of input in URLValidator. By persuading a victim to visit a...

CVSS 6.1, AI score 6.3, EPSS 0.03172
Exploits 0, Affected Software 1
OSV
added 2025/03/12 10:31 a.m., 4 views

SUSE-SU-2025:20143-1 Security update for podman

This update for podman fixes the following issues: - CVE-2025-27144: Fixed gopkg.in/square/go-jose.v2,gopkg.in/go-jose/go-jose.v2,github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Go JOSE's Parsing Vulnerable to Denial of Service bsc1237641: - CVE-2024-11218: Fixed...

CVSS 8.7, AI score 7, EPSS 0.91969
Exploits 1, References 10
RedhatCVE
added 2025/03/09 5:36 p.m., 12 views

CVE-2023-35894

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

CVSS 6.1, AI score 6.8, EPSS 0.00215
Exploits 0, References 1
NVD
added 2025/03/07 5:15 p.m., 13 views

CVE-2023-35894

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

CVSS 6.1, EPSS 0.00215
Exploits 0, References 1
Vulnrichment
added 2025/03/07 4:47 p.m., 13 views

CVE-2023-35894 IBM Control Center HOST header injection

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

CVSS 5.4, AI score 6.8, EPSS 0.00215
Exploits 0, References 1
CVE
added 2025/03/07 4:47 p.m., 50 views

CVE-2023-35894

IBM Control Center (IBM Sterling Control Center) versions 6.2.1 and 6.3.1 are affected by CVE-2023-35894 due to improper validation of HOST header input, enabling HTTP header injection that can lead to cross-site scripting, cache poisoning, or session hijacking. Remediation per IBM bulletin: upgr...

CVSS 6.1, AI score 6.8, EPSS 0.00215
Exploits 0, References 1, Affected Software 1
Cvelist
added 2025/03/07 4:47 p.m., 20 views

CVE-2023-35894 IBM Control Center HOST header injection

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

CVSS 5.4, EPSS 0.00215
Exploits 0, References 1
IBM Security Bulletins
added 2025/03/07 4:40 p.m., 10 views

Security Bulletin: IBM Sterling Control Center is vulnerable to HTTP Host Header Injection Vulnerability

Summary HTTP Host Header Injection Vulnerability is affecting Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2023-35894 DESCRIPTION: IBM Sterling Control Center is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow ...

CVSS 6.1, AI score 6.7, EPSS 0.00215
Exploits 0, Affected Software 1
CNVD
added 2025/03/07 12:0 a.m., 9 views

D-Link DAP-1562 Stack Buffer Overflow Vulnerability

The D-Link DAP-1562 is a wireless bridge from China's AUO D-Link. A security vulnerability exists in the D-Link DAP-1562 version 1.10, which stems from a stack buffer overflow in the HTTP Header Handler, which could lead to a remote attack. An attacker can exploit the vulnerability to execute...

CVSS 9.8, AI score 8.2, EPSS 0.03185
Exploits 1, References 1
Tenable Nessus
added 2025/03/06 12:0 a.m., 13 views

Linux Distros Unpatched Vulnerability : CVE-2023-28362

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for...

CVSS 4, AI score 6.1, EPSS 0.00312
Exploits 2, References 2
OSV
added 2025/03/05 2:52 p.m., 3 views

SUSE-SU-2025:20230-1 Security update for haproxy

This update for haproxy fixes the following issues: Update to version 2.8.11+git0.01c1056a4: VUL-0: CVE-2024-53008: haproxy: HTTP/3 request smuggling via malformed HTTP headers forwarded to a HTTP/1.1 non-compliant back-end server bsc1233973 BUG/MINOR: cfgparse-listen: fix option httpslog overrid...

CVSS 5.3, AI score 6.5, EPSS 0.01023
Exploits 0, References 3