PT-2025-26814 · Brother Industries +4 · Ads-2400N +680

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated attacker may perform a blind server side request forgery SSRF, due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages t...

Debian dsa-5948 : trafficserver - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5948 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5948-1 [email protected] https://www.debian.org/securit...

RHEL 10 : osbuild-composer (RHSA-2025:9623)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9623 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for...

Moderate: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: net/http:...

[SECURITY] [DSA 5948-1] trafficserver security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5948-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 24, 2025 https://www.debian.org/security/faq -...

BIT-OPENRESTY-2024-33452

An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...

PT-2025-26702 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns HTTP Request Smuggling in the Apache HTTP Server. No specific details about the estimated number of potentially affected devices worldwide or real-world...

Ruby WEBrick read_header HTTP Request Smuggling Vulnerability

This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The specific flaw exists within the readheaders method. The issue...

PT-2025-26617 · Ruby +1 · Ruby Webrick +1

Name of the Vulnerable Software and Affected Versions: Ruby WEBrick affected versions not specified Description: The issue concerns an HTTP Request Smuggling Vulnerability in Ruby WEBrick's read header function. No information is provided about the estimated number of potentially affected devices...

RHEL 8 : grafana (RHSA-2025:9311)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9311 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: net/http: Request...

CVE-2025-6399

A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to...

K000151740: Ruby vulnerability CVE-2024-47220

Security Advisory Description An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the...

Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities

Summary IBM Security Guardium Insights has addressed the following vulnerabilities Vulnerability Details CVEID:CVE-2020-13949 DESCRIPTION: Apache Thrift is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted messages, a remote attacker could exploi...

ROS-20250619-08

The h11 library vulnerability is related to flaws in HTTP request processing. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality and integrity of protected information. of protected information...

ALSA-2025:9149 Moderate: skopeo security update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 For more details about the...

Moderate: skopeo security update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 For more details about the...

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

Liferay Portal和Liferay DXP 资源管理错误漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

TencentOS Server 3: resource-agents (TSSA-2024:0387)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0387 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: squid:4 (TSSA-2023:0289)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0289 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...