16582 matches found

RedhatCVE
added 2025/05/09 6:08 p.m., 11 views

CVE-2025-20164

A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this...

CVSS 8.3, AI score 6.8, EPSS 0.00294
Exploits 0, References 1
IBM Security Bulletins
added 2025/05/09 12:22 p.m., 8 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service [CVE-2024-6827, CVE-2025-1194]

Summary Python modules gunicorn and transformers are used by IBM App Connect Enterprise Certified Container when providing mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin...

CVSS 7.5, AI score 4.5, EPSS 0.00738
Exploits 1, Affected Software 1
Tenable Nessus
added 2025/05/09 12:00 a.m., 8 views

SUSE SLES12 Security Update : libsoup (SUSE-SU-2025:1518-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1518-1 advisory. - CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285) - CVE-2024-52531: Fixed buffer...

CVSS 8.4, AI score 7.2, EPSS 0.00933
Exploits 3, References 34
Exploit DB
added 2025/05/09 12:00 a.m., 323 views

SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation

Exploit Title: SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation Date: 2025-05-7 Exploit Author: Abdualhadi khalifa https://x.com/absholi7ly/ Affected: Versions All versions of OttoKit SureTriggers ≤ 1.0.82. Conditions for Exploitation The vulnerability can be exploited under the followin...

CVSS 9.8, AI score 7.1, EPSS 0.50191
Exploits 3
OSV
added 2025/05/08 7:35 p.m., 1 view

SUSE-SU-2025:1518-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285) - CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292) - CVE-2024-52532: Fixed...

CVSS 8.4, AI score 7.1, EPSS 0.00933
Exploits 3, References 23
Veracode
added 2025/05/08 7:26 a.m., 10 views

Rego Code Injection

github.com/open-policy-agent/opa is vulnerable to Rego code injection. The vulnerability is due to unsanitized HTTP request paths being used to construct Rego queries during policy evaluation, allowing attackers to inject Rego code...

CVSS 7.4, AI score 6.8, EPSS 0.0036
Exploits 0, References 4, Affected Software 1
OSV
added 2025/05/08 5:43 a.m., 9 views

BIT-MASTODON-2023-49952

Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header...

CVSS 7.5, AI score 7.5, EPSS 0.00458
Exploits 0, References 3
Tenable Nessus
added 2025/05/08 12:00 a.m., 8 views

Tenable Sensor Proxy < 1.2.0 Multiple Vulnerabilities (TNS-2025-08)

According to its self-reported version, the Tenable Sensor Proxy running on the remote host is less than 1.2.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2025-08 advisory. - Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. CVE-2019-162...

CVSS 7.5, AI score 7.4, EPSS 0.05966
Exploits 0, References 4
Tenable Nessus
added 2025/05/08 12:00 a.m., 7 views

Ubuntu 24.04 LTS / 24.10 / 25.04 : h11 vulnerability (USN-7503-1)

The remote Ubuntu 24.04 LTS / 24.10 / 25.04 host has a package installed that is affected by a vulnerability as referenced in the USN-7503-1 advisory. Jeppe Bonde Weikop discovered that h11 incorrectly handled crafted HTTP requests. A remote attacker could possibly use this issue to smuggle...

CVSS 9.1, AI score 7.6, EPSS 0.00522
Exploits 0, References 2
Vulnrichment
added 2025/05/07 5:36 p.m., 10 views

CVE-2025-20164

A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this...

CVSS 8.3, AI score 8.2, EPSS 0.00294
Exploits 0, References 1
Cvelist
added 2025/05/07 5:36 p.m., 15 views

CVE-2025-20164

A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this...

CVSS 8.3, EPSS 0.00294
Exploits 0, References 1
Cisco
added 2025/05/07 4:00 p.m., 13 views

Cisco IOS Software Industrial Ethernet Switch Device Manager Privilege Escalation Vulnerability

A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this...

CVSS 8.3, AI score 8.4, EPSS 0.00294
Exploits 0, References 1
Ubuntu
added 2025/05/07 12:18 p.m., 17 views

USN-7490-3: libsoup vulnerabilities

USN-7490-1 fixed vulnerabilities in libsoup2.4. This update provides the corresponding updates for libsoup3. Original advisory details: Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a malicious...

CVSS 9, AI score 7.1, EPSS 0.00798
Exploits 0
OSV
added 2025/05/07 5:43 a.m., 4 views

BIT-MASTODON-2024-34535

In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header...

CVSS 5.9, AI score 6.8, EPSS 0.00371
Exploits 0, References 3
Tenable Nessus
added 2025/05/07 12:00 a.m., 7 views

RockyLinux 8 : squid:4 (RLSA-2024:1375)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1375 advisory. squid: denial of service in HTTP header parser CVE-2024-25617 squid: Denial of Service in HTTP Chunked Decoding CVE-2024-25111 squid: denial of service i...

CVSS 8.6, AI score 7, EPSS 0.88864
Exploits 0, References 7
Ubuntu
added 2025/05/06 8:06 p.m., 15 views

USN-7490-2: libsoup regression

USN-7490-1 fixed vulnerabilities in libsoup. It was discovered that the fix for CVE-2025-32912 was incomplete. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request...

CVSS 6.5, AI score 7.1, EPSS 0.00372
Exploits 0, References 1
Ubuntu
added 2025/05/06 1:12 p.m., 58 views

USN-7490-1: libsoup vulnerabilities

Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service. CVE-2025-32906 Alon Zahavi discovered that libsoup incorrectly parse...

CVSS 9, AI score 6.9, EPSS 0.00798
Exploits 0
Tenable Nessus
added 2025/05/06 12:00 a.m., 7 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : libsoup vulnerabilities (USN-7490-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7490-1 advisory. Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP reques...

CVSS 9, AI score 7.4, EPSS 0.00798
Exploits 0, References 10
IBM Security Bulletins
added 2025/05/05 7:00 p.m., 11 views

Security Bulletin: Vulnerability in gunicorn affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2024-1135].

Summary The gunicorn package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2024-1135. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the...

CVSS 7.5, AI score 5.6, EPSS 0.02996
Exploits 0, Affected Software 1
Veracode
added 2025/05/05 11:08 a.m., 5 views

HTTP Request Smuggling

h11 is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper input validation in lenient parsing of line terminators in chunked transfer encoding, which can be exploited when combined with a misconfigured proxy...

CVSS 9.1, AI score 6.5, EPSS 0.00522
Exploits 0, References 4, Affected Software 1