16584 matches found
CVE-2025-40617 SQL injection vulnerability in Bookgy
SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDTIPO", "IDPISTA" and "IDSOCIO" parameters in /bkgseleccionarhoraajax.php...
Amazon Linux 2 : runc (ALASECS-2025-057)
The version of runc installed on the remote host is prior to 1.1.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-057 advisory. Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allow...
Amazon Linux 2 : runc (ALASNITRO-ENCLAVES-2025-055)
The version of runc installed on the remote host is prior to 1.1.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-055 advisory. Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go...
CVE-2025-36625
In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating HTTP requests to the application...
CVE-2024-6198
The CVE-2024-6198 entry concerns Viasat modems exposing a web interface on ports 3030 and 9882, served by lighttpd implementing the SNORE interface. The vulnerability is a stack buffer overflow caused by insecure path parsing, exploitable by a specially crafted HTTP request from a LAN network int...
CVE-2024-6198 SNORE Interface Unauthenticated Remote Code Execution
The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the “SNORE” interface. This interface is affected by a stack buffer overflow vulnerability due to insecure path parsing. An attacker with access to the LAN network interface could u...
Security Bulletin: Vulnerability in Puma used by Logstash affect IBM Operations Analytics - Log Analysis (CVE-2024-45614)
Summary: There is a potential HTTP request smuggling vulnerability in Puma that affects Logstash used by IBM Operations Analytics - Log Analysis. Vulnerability Details: CVEID: CVE-2024-45614. DESCRIPTION: Puma is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP X-Forwarded-For header. By...
PT-2025-18257 · Ctrlx Os · Ctrlx Os
Name of the Vulnerable Software and Affected Versions: ctrlX OS (affected versions not specified). Description: A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to write arbitrary files in arbitrary file...
PT-2025-18262 · Ctrlx Os · Ctrlx Os
Name of the Vulnerable Software and Affected Versions: ctrlX OS (affected versions not specified). Description: A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the wireless network...
PT-2025-18251 · Ctrlx Os · Ctrlx Os
Name of the Vulnerable Software and Affected Versions: ctrlX OS (affected versions not specified). Description: A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning...
Improper Request Handling
http-proxy-middleware is vulnerable to Improper Request Handling. The vulnerability is due to improper request handling caused by fixRequestBody executing even when bodyParser has failed, which allows attackers to smuggle malicious HTTP requests...
AlegroCart 1.2.9 Logic Flaw
AlegroCart version 1.2.9 suffers from a business logic flaw that allows for price manipulation. Exploit Title: Business Logic Flaw: Price Manipulation - alegrocartv1.2.9 Date: 04/2025 Exploit Author: Andrey Stoykov Version: 1.2.9 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Busines...
PT-2025-17617 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server (affected versions not specified). Description: The issue concerns HTTP Request Smuggling in the Apache HTTP Server. No information is provided about the estimated number of potentially affected devices worldwide or real-world...
GO-2025-3627 Traefik affected by Go HTTP Request Smuggling Vulnerability in github.com/traefik/traefik
Traefik affected by Go HTTP Request Smuggling Vulnerability in github.com/traefik/traefik...
CVE-2024-33452
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...
CVE-2025-3577
UNSUPPORTED WHEN ASSIGNED: A path traversal vulnerability in the web management interface of the Zyxel AMG1302-T10B firmware version 2.00(AAJC.16)C0 could allow an authenticated attacker with administrator privileges to access restricted directories by sending a crafted HTTP request to an affected...
CVE-2025-3577
CVE-2025-3577 affects Zyxel AMG1302-T10B (firmware 2.00(AAJC.16)C0). The issue is a path traversal in the web management interface that an authenticated administrator can exploit by sending a crafted HTTP request to access restricted directories. The CVSS metrics indicate Network access with Low ...