CVE-2025-20332 Cisco Identity Services Engine Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. This vulnerability is due to the lack of server-side validation of Administrator permissions. An attacker could exploit this...

CVE-2025-20332 Cisco Identity Services Engine Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. This vulnerability is due to the lack of server-side validation of Administrator permissions. An attacker could exploit this...

CVE-2025-23311

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, or data tampering...

CVE-2025-23317

NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information...

Linux Distros Unpatched Vulnerability : CVE-2022-36760

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests ...

Cisco Identity Services Engine (cisco-sa-ise_xss_acc_cont-YsR4uT4U)

According to its self-reported version, Cisco ISE is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. This vulnerability is due to the lack of...

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1115)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1115 advisory. Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is...

CVE-2025-6175

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in DECE Software Geodi allows HTTP Request Splitting. This issue affects Geodi: before GEODI Setup 9.0.146...

CVE-2025-50847

Cross Site Request Forgery CSRF vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request...

(Pwn2Own) QNAP QHora-322 access_setting HTTP Request Smuggling Vulnerability

This vulnerability allows network-adjacent attackers to smuggle arbitrary HTTP requests on affected installations of QNAP QHora-322 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within th...

(Pwn2Own) QNAP QHora-322 local_pwd_reset HTTP Request Smuggling Vulnerability

This vulnerability allows network-adjacent attackers to smuggle arbitrary HTTP requests on affected installations of QNAP QHora-322 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within th...

Amazon Linux 2 : ruby (ALAS-2025-2931)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2931 advisory. Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTT...

Medium: ruby

Issue Overview: Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific...

CVE-2025-6175

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in DECE Software Geodi allows HTTP Request Splitting. This issue affects Geodi: before GEODI Setup 9.0.146...

CVE-2025-6175 CRLF Injection in DECE Software's Geodi

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in DECE Software Geodi allows HTTP Request Splitting. This issue affects Geodi: before GEODI Setup 9.0.146...

CVE-2025-6175 CRLF Injection in DECE Software's Geodi

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in DECE Software Geodi allows HTTP Request Splitting. This issue affects Geodi: before GEODI Setup 9.0.146...

CVE-2025-6175

CVE-2025-6175 describes an Improper Neutralization of CRLF Sequences (CRLF Injection) in DECE Software Geodi that allows HTTP Request Splitting. Affected product: DECE Software Geodi (before GEODI Setup 9.0.146). Root cause documented as improper CRLF handling, enabling split requests. Impact not...

PT-2025-31198 · Dece · Geodi

Name of the Vulnerable Software and Affected Versions: DECE Software Geodi versions prior to 9.0.146 Description: The software contains an Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability, which allows for HTTP Request Splitting. Recommendations: Update to GEODI Setup...

CVE-2025-24485

A server-side request forgery vulnerability exists in the cecho.php functionality of MedDream PACS Premium 7.3.5.860. A specially crafted HTTP request can lead to SSRF. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

PT-2025-31100 · Unknown · Meddream Pacs Premium

Name of the Vulnerable Software and Affected Versions: MedDream PACS Premium version 7.3.5.860 Description: A server-side request forgery issue exists in the cecho.php functionality. A specially crafted HTTP request can lead to SSRF. An attacker can make an unauthenticated HTTP request to trigger...