Linux Distros Unpatched Vulnerability : CVE-2018-1000027

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response...

CVE-2025-1876

A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function httprequestparse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack may be launched...

CVE-2025-1876

A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function httprequestparse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack may be launched...

CVE-2025-1876 D-Link DAP-1562 HTTP Header http_request_parse stack-based overflow

A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function httprequestparse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack may be launched...

CVE-2025-1876 D-Link DAP-1562 HTTP Header http_request_parse stack-based overflow

A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function httprequestparse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack may be launched...

CVE-2025-1876

CVE-2025-1876 affects D-Link DAP-1562 running version 1.10. The issue is a stack-based buffer overflow in the HTTP Header Handler’s http_request_parse function triggered by manipulation of the Authorization argument. The vulnerability can be exploited remotely to potentially execute arbitrary cod...

ClickHouse < 19.13.5.44

The version of ClickHouse installed on the remote host is prior to 19.13.5.44. It is, therefore, affected by a HTTP header injection vulnerability via the url table function. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

The vulnerability of the Header MVC framework for developing web systems and applications in CodeIgniter allows a attacker to trigger a service failure.

The vulnerability of the Header MVC framework used for developing web systems and applications in CodeIgniter relates to conflicts in interpretation when processing HTTP headers’ names and values. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

Octokit 安全漏洞

Octokit is a Ruby toolkit for the GitHub API. A security vulnerability exists in Octokit version 1.0.0 through versions prior to 6.1.7, which stems from a Regular Expression Denial of Service ReDoS vulnerability in the processing of HTTP request headers, which can be exploited by an attacker to...

CVE-2025-24888 Path traversal in SecureDrop Client API.download_reply()

The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation. Prior to version 0.14.1, a malicious SecureDrop Server could obtain code execution on the SecureDrop Client virtual machine sd-app. SecureDrop Server...

FreeBSD : Gitlab -- Vulnerabilities (1a8c5720-e9cf-11ef-9e96-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1a8c5720-e9cf-11ef-9e96-2cf05da270f3 advisory. Gitlab reports: A CSP-bypass XSS in merge-request page Denial of Service due to Unbounded Symb...

CVE-2025-25198

mailcow: dockerized is an open source groupware/email suite based on docker. Prior to version 2025-01a, a vulnerability in mailcow's password reset functionality allows an attacker to manipulate the Host HTTP header to generate a password reset link pointing to an attacker-controlled domain. This...

CVE-2025-25200

CVE-2025-25200 — Koa (Node.js): A regex-based issue in Koa’s header parsing (X-Forwarded-Proto/Host) before versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3 can be exploited to cause a Denial-of-Service. The fix is included in those versions (and later). The vulnerability stems from an inefficie...

Gitlab -- Vulnerabilities

Gitlab reports: A CSP-bypass XSS in merge-request page Denial of Service due to Unbounded Symbol Creation Exfiltrate content from private issues using Prompt Injection A custom permission may allow overriding Repository settings Internal HTTP header leak via route confusion in workhorse SSRF via...

USN-7260-1: OpenRefine vulnerabilities

It was discovered that OpenRefine did not properly handle opening tar files. If a user or application were tricked into opening a crafted tar file, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2023-37476 It was discovered that...

Ubuntu 22.04 LTS / 24.04 LTS / 24.10 : OpenRefine vulnerabilities (USN-7260-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7260-1 advisory. It was discovered that OpenRefine did not properly handle opening tar files. If a user or application were tricked into opening a...

CVE-2022-4541

The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2024-32980

Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use self requests without a specified URL authority can be induced to make requests to arbitrary hosts via the Host HTTP header...

CVE-2024-20353

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service DoS condition. This...

Security Bulletin: Vulnerabilities in Node.js, Golang Go, HTTP/2, NGINX, OpenSSH, Linux kernel might affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, Golang Go, HTTP/2, NGINX, OpenSSH and Linux. Vulnerabilities include, causing a denial-of-service condition, the elevation of privileges, remote execution of arbitrary code, HTTP header injection, HTML injection,...