16575 matches found
SUSE SLES15 Security Update : python-h2 (SUSE-SU-2025:03273-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03273-1 advisory. - CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers (bsc#1248737) Tenable has extracted the preceding...
CLSA-2025-1758294053 nodejs: Fix of CVE-2024-27982
CVE-2024-27982: prevent HTTP request smuggling by properly interpreting content-length header...
SUSE-SU-2025:03273-1 Security update for python-h2
This update for python-h2 fixes the following issues: - CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers (bsc#1248737)...
Security update for python-h2
This update for python-h2 fixes the following issues: CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers (bsc#1248737) Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively...
CVE-2025-56648
npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them. Mitigation Mitigation for this issue is either not available o...
HTTP Request Smuggling (HRS)
mitmproxy is vulnerable to HTTP request smuggling. The vulnerability is due to mitmproxy embedding python-hyper/h2 ≤ v4.2.0 which has a gap in its HTTP/2 header validation, which allows an attacker to smuggle requests when mitmproxy translates HTTP/2 to HTTP/1...
CVE-2025-6999
An HTTP Request Smuggling (CWE-444) vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting (XSS) attack. This issue affects Fireware OS: from 12.0 through 12.11.2...
CVE-2025-10432
A vulnerability was found in Tenda AC1206 15.03.06.23. This vulnerability affects the function check_param_changed of the file /goform/AdvSetMacMtuWa of the component HTTP Request Handler. Performing manipulation of the argument wanMTU results in stack-based buffer overflow. Remote exploitation of...
PT-2025-38001
Name of the Vulnerable Software and Affected Versions: InterSystems Caché 2009.1 (affected versions not specified) Description: A stack-based buffer overflow exists in the UtilConfigHome.csp endpoint of InterSystems Caché. The issue is triggered by sending a specially crafted HTTP GET request...
CVE-2025-10432 Tenda AC1206 HTTP Request AdvSetMacMtuWa check_param_changed stack-based overflow
A vulnerability was found in Tenda AC1206 15.03.06.23. This vulnerability affects the function check_param_changed of the file /goform/AdvSetMacMtuWa of the component HTTP Request Handler. Performing manipulation of the argument wanMTU results in stack-based buffer overflow. Remote exploitation of...
PT-2025-37771
Name of the Vulnerable Software and Affected Versions: WatchGuard Fireware OS versions 12.0 through 12.11.2 Description: An HTTP Request Smuggling vulnerability exists in the Authentication portal of WatchGuard Fireware OS, allowing a remote attacker to evade request parameter sanitation and...
openSUSE Security Advisory (SUSE-SU-2025:03199-1)
The remote host is missing an update for the...
SUSE-SU-2025:03202-1 Security update for python-eventlet
This update for python-eventlet fixes the following issues: - CVE-2025-58068: improper handling of HTTP trailer sections in WSGI parser leads to HTTP request smuggling (bsc#1248994)...
SUSE-SU-2025:03199-1 Security update for python-h2
This update for python-h2 fixes the following issues: - CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers (bsc#1248737)...
RICOH Streamline NX Security Vulnerability
RICOH Streamline NX is a document and print management software from RICOH Japan. A security vulnerability exists in RICOH Streamline NX versions 3.5.1 through 24R3 that originates from a man-in-the-middle attack that can be performed by an attacker to change the value of an HTTP request, which...
GHSA-J4FW-4MHR-HC45 Liferay Portal Vulnerable to Denial of Service in Kaleo Forms Admin
Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-servic...
Linux Distros Unpatched Vulnerability : CVE-2025-55763
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to achieve remote code execution via a crafted HTTP request. Thi...