
16591 matches found

CNVD
added 2025/02/18 12:0 a.m. | 7 views

Cisco Secure Web Appliance Input Validation Error Vulnerability

Cisco Secure Web Appliance is an application from Cisco USA. An input validation error vulnerability exists in Cisco Secure Web Appliance that stems from improper handling of HTTP request headers and can be exploited by an attacker to download malicious files...

5.8 CVSS | 6.6 AI score | 0.00405 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2025/02/18 12:0 a.m. | 20 views

RHEL 8 : RHUI 4.11 (RHSA-2025:1335)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1335 advisory. Red Hat Update Infrastructure (RHUI) provides a highly scalable and redundant framework for managing repositories and content. It also allows...

9.8 CVSS | 6.8 AI score | 0.28637 EPSS
Exploits 1 | References 31
CNVD
added 2025/02/17 12:0 a.m. | 8 views

Tenda W18E Authorization Issue Vulnerability (CNVD-2025-05370)

The Tenda W18E is a wireless router from the Chinese company Tenda. An authorization issue vulnerability exists in the Tenda W18E version 16.01.0.8(1625), which stems from improper authentication of the device and can be exploited by an attacker to gain administrative access by sending a specially...

8.8 CVSS | 7.5 AI score | 0.00857 EPSS
Exploits 1 | References 1
OSV
added 2025/02/14 5:58 p.m. | 7 views

GHSA-XX4V-PRFH-6CGC @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

Summary: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long sequence of spaces followed by a newline and "@", an attacker can exploit inefficient regular expression processin...

5.3 CVSS | 5.5 AI score | 0.0058 EPSS
Exploits 0 | References 5
Cvelist
added 2025/02/14 1:22 p.m. | 12 views

CVE-2025-0178 WatchGuard Firebox Host Header Injection Vulnerability

Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites, poison the web cache, or inject malicious...

5.1 CVSS | 0.00215 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/02/14 11:39 a.m. | 10 views

CVE-2024-32638

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache APISIX when using the forward-auth plugin. This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue...

6.3 CVSS | 6.9 AI score | 0.01065 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/02/14 10:13 a.m. | 6 views

CVE-2023-46297

An issue was discovered on Mercusys MW325R EU V3 MW325REUV31.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data sent by the user does not occur. The web server does not crash, but the admin interface...

5.1 CVSS | 6.9 AI score | 0.00157 EPSS
Exploits 0
Tenable Nessus
added 2025/02/14 12:0 a.m. | 9 views

CBL Mariner 2.0 Security Update: python-twisted (CVE-2023-46137)

The version of python-twisted installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-46137 advisory. - Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when...

5.3 CVSS | 6.3 AI score | 0.00766 EPSS
Exploits 1 | References 2
RedHat Linux
added 2025/02/12 4:40 p.m. | 17 views

Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 5.9.11

Logging for Red Hat OpenShift - 5.9.11. logging-fluentd-container: HTTP request smuggling (CVE-2024-47220); cluster-logging-operator-container: Info Leak via Uninitialized Stack Contents (CVE-2024-12085)...

7.5 CVSS | 7.2 AI score | 0.09353 EPSS
Exploits 2 | References 9
Cvelist
added 2025/02/12 1:30 p.m. | 26 views

CVE-2025-26378

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to reset passwords, including the ones of administrator accounts, via crafted HTTP requests...

8.8 CVSS | 0.0053 EPSS
Exploits 0 | References 1
RedHat Linux
added 2025/02/12 12:11 a.m. | 111 views

Important: Red Hat Security Advisory: RHUI 4.11 security, bugfix, and enhancement update

An updated version of Red Hat Update Infrastructure (RHUI) is now available. RHUI 4.11 updates Pulp to a newer upstream version, fixes several issues, and adds an enhancement. Red Hat Update Infrastructure (RHUI) provides a highly scalable and redundant framework for managing repositories and content...

9.8 CVSS | 6.7 AI score | 0.28637 EPSS
Exploits 1 | References 17
CNNVD
added 2025/02/12 12:0 a.m. | 4 views

Q-Free MAXTIME Suite Security Vulnerability

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions. An attacker could exploit the vulnerability to read sensitive files via a specially crafted HTTP request...

4.9 CVSS | 6.2 AI score | 0.00698 EPSS
Exploits 0 | References 1
CNNVD
added 2025/02/12 12:0 a.m. | 4 views

Q-Free MAXTIME Suite Security Vulnerability

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that originates from a missing authorization in maxprofile/user-groups/routes.lua. An attacker could exploit the...

8.1 CVSS | 6.3 AI score | 0.00487 EPSS
Exploits 0 | References 1
CVE
added 2025/02/10 12:0 a.m. | 53 views

CVE-2024-46434

CVE-2024-46434 affects the Tenda W18E router (version 16.01.0.8(1625)). The connected documents describe an authentication bypass in the web management portal that lets an unauthorized remote attacker gain administrative access by sending a specially crafted HTTP request. The CVSSv3.1 metrics ind...

8.8 CVSS | 8.9 AI score | 0.00857 EPSS
Exploits 1 | References 1 | Affected Software 1
Tenable Nessus
added 2025/02/10 12:0 a.m. | 7 views

EulerOS 2.0 SP11 : libsoup (EulerOS-SA-2025-1160)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored,...

8.4 CVSS | 7.3 AI score | 0.00933 EPSS
Exploits 2 | References 4
Tenable Nessus
added 2025/02/10 12:0 a.m. | 11 views

EulerOS 2.0 SP12 : libsoup (EulerOS-SA-2025-1177)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored,...

8.4 CVSS | 7.3 AI score | 0.00933 EPSS
Exploits 2 | References 4
Tenable Nessus
added 2025/02/10 12:0 a.m. | 8 views

Azure Linux 3.0 Security Update: php (CVE-2024-11234)

The version of php installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-11234 advisory. - In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured...

7.2 CVSS | 7.4 AI score | 0.01132 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2025/02/10 12:0 a.m. | 8 views

EulerOS 2.0 SP11 : libsoup (EulerOS-SA-2025-1141)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored,...

8.4 CVSS | 7.3 AI score | 0.00933 EPSS
Exploits 2 | References 4
Tenable Nessus
added 2025/02/10 12:0 a.m. | 5 views

EulerOS 2.0 SP12 : libsoup (EulerOS-SA-2025-1193)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored,...

8.4 CVSS | 7.3 AI score | 0.00933 EPSS
Exploits 2 | References 4
OpenVAS
added 2025/02/10 12:0 a.m. | 5 views

Huawei EulerOS: Security Advisory for libsoup (EulerOS-SA-2025-1193)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.4 CVSS | 8.1 AI score | 0.00933 EPSS
Exploits 2 | References 2