16584 matches found
Important: Red Hat Security Advisory: updated discovery container images
Updated container images are now available for Discovery 1.13.1. The Discovery container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog see...
CVE-2025-3248 Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code...
CVE-2025-32013
LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery SSRF vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...
CVE-2025-32013 Server-Side Request Forgery via LNURL Authentication Callback in LNbits Lightning Network Payment System
LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery SSRF vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...
[SECURITY] [DSA 5896-1] trafficserver security update
Debian Security Advisory DSA-5896-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 05, 2025 https://www.debian.org/security/faq ...
CVE-2025-29462
A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack...
Debian dsa-5896 : trafficserver - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5896 advisory. Debian Security Advisory DSA-5896-1 [email protected] https://www.debian.org/securit...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to inconsistent interpretation of HTTP requests in Golang (CVE-2022-1705)
Summary Golang is used by IBM Storage Fusion Data Foundation as a core part of operators. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-1705. Vulnerability Details CVEID:CVE-2022-1705 DESCRIPTION: Golang Go is vulnerable to...
BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization
Summary A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. Details There is an unsafe code segment in serde.py: Python def...
Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2024-22019)
The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22019 advisory. - A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP reque...
PT-2025-14788 · Tenda · Tenda Ac15
Name of the Vulnerable Software and Affected Versions: Tenda Ac15 version 15.13.07.13 Description: A buffer overflow issue has been discovered. It occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer ...
SAP HTTP Request Smuggling
SAPGateBreaker HTTP request smuggling proof of concept exploit that demonstrates a vulnerability in SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53, and SAP Web Dispatcher. Exploit Title: SAPGateBreaker Exploit - CVE-2022-22536 ...
CVE-2025-29462
CVE-2025-29462 concerns Tenda AC15 (firmware v15.13.07.13). The issue is a stack buffer overflow in webCgiGetUploadFile when processing HTTP requests via socketRead, potentially allowing arbitrary code execution. Multiple sources corroborate the vulnerability in the Tenda AC15 webCgiGetUploadFile...
CVE-2025-26689
Direct request 'Forced Browsing' issue exists in CHOCO TEI WATCHER mini IB-MCT001 all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered...
SAP NetWeaver - 7.53 - HTTP Request Smuggling
Exploit Title: SAPGateBreaker Exploit - CVE-2022-22536 - HTTP Request Smuggling Through SAP's Front Door Google Dork: https://github.com/BecodoExploit-mrCAT/SAPGateBreaker-Exploit/blob/main/dorks Date: Tuesday, April 2, 2025 Exploit Author: @C41Tx90 - Victor de Queiroz - Beco do Exploit - Elytron...
Exploit for HTTP Request Smuggling in Sap Content_Server
CVE-2022-22536: HTTP Smuggling Through SAP's Front Door SAP Ne...