2483 matches found
EUVD-2022-2542
Malicious code in bioql PyPI...
EUVD-2022-4678
Malicious code in bioql PyPI...
EUVD-2024-16993
Malicious code in bioql PyPI...
EUVD-2023-23486
Malicious code in bioql PyPI...
EUVD-2023-54189
Malicious code in bioql PyPI...
EUVD-2022-3625
Malicious code in bioql PyPI...
EUVD-2023-58107
Malicious code in bioql PyPI...
EUVD-2022-33173
Malicious code in bioql PyPI...
RLSA-2025:10873 Important: java-21-openjdk security update
The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: JDK: Better Glyph drawing CVE-2025-30749 JDK: Enhance TLS protocol support CVE-2025-30754 JDK: Improve HTTP client header handling CVE-2025-50059 JDK: Better...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the /meta/proxy endpoint. An attacker can obtain sensitive information by sending requests that cause identifiable data, such as email addresses, to be forwarded to external services through specific HTTP header...
CVE-2025-8411
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dokuzsoft Technology E-Commerce Web Design Product allows XSS Through HTTP Headers. This issue affects E-Commerce Web Design Product: before 11.08.2025...
CVE-2025-8411
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dokuzsoft Technology E-Commerce Web Design Product allows XSS Through HTTP Headers. This issue affects E-Commerce Web Design Product: before 11.08.2025...
CVE-2025-8411
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dokuzsoft Technology E-Commerce Web Design Product allows XSS Through HTTP Headers. This issue affects E-Commerce Web Design Product: before 11.08.2025...
php: Stream HTTP wrapper header check might omit basic auth header
A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...
OESA-2025-2175 python-pip security update
pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 3 Summary: A...
CLSA-2025-1757016160 Fix CVE(s): CVE-2025-1217, CVE-2025-1734, CVE-2025-1736, CVE-2025-1861
SECURITY UPDATE: misinterpretation of HTTP response headers - debian/patches/CVE-2025-1217.patch: adds HTTP header folding support for HTTP wrapper response headers in ext/standard/httpfopenwrapper.c - CVE-2025-1217 SECURITY UPDATE: insufficient HTTP header validation -...
Linux Distros Unpatched Vulnerability : CVE-2015-5741
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request...
Malicious code in camelize-http-headers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a51a98ebb3bf39ce4592df2daa07de423db9f54f9b5c31e5a0b42f2371cd6024 The OpenSSF Package Analysis project identified 'camelize-http-headers' @ 1.1.1 npm as malicious. It is considered malicious because: - The...
MAL-2025-42135 Malicious code in camelize-http-headers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a51a98ebb3bf39ce4592df2daa07de423db9f54f9b5c31e5a0b42f2371cd6024 The OpenSSF Package Analysis project identified 'camelize-http-headers' @ 1.1.1 npm as malicious. It is considered malicious because: - The...
Linux Distros Unpatched Vulnerability : CVE-2021-22132
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store t...