16585 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-11234
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and requestfulluri option, the URI is not...
Linux Distros Unpatched Vulnerability : CVE-2022-24766
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request...
Linux Distros Unpatched Vulnerability : CVE-2024-1135
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting...
USN-7318-1 spip vulnerabilities
It was discovered that svg-sanitizer, vendored in SPIP, did not properly sanitize SVG/XML content. An attacker could possibly use this issue to perform cross site scripting. This issue only affected Ubuntu 24.10. CVE-2022-23638 It was discovered that SPIP did not properly sanitize certain inputs....
Linux Distros Unpatched Vulnerability : CVE-2019-18678
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits...
Linux Distros Unpatched Vulnerability : CVE-2014-0099
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a...
Linux Distros Unpatched Vulnerability : CVE-2019-16276
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. CVE-2019-16276 Note that Nessus relies on the presence of the package as reported by th...
CVE-2025-1867
Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in ithewei libhv allows HTTP Response Smuggling.This issue affects libhv: through 1.3.3...
CVE-2025-1867
CVE-2025-1867 concerns the libhv library (up to version 1.3.3) from ithewei, where an issue in the inconsistent interpretation of HTTP requests leads to HTTP Response Smuggling . The mechanism is primarily a root-cause of malformed request/response handling within libhv that can impact all three ...
Linux Distros Unpatched Vulnerability : CVE-2011-3624
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers...
CVE-2025-1833
A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Affected by this issue is the function sendNotice of the file src/main/java/com/futvan/z/erp/customernotice/CustomernoticeAction.java of the component HTTP Request Handler. The manipulation of the argumen...
CVE-2025-1833
A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Affected by this issue is the function sendNotice of the file src/main/java/com/futvan/z/erp/customernotice/CustomernoticeAction.java of the component HTTP Request Handler. The manipulation of the argumen...
CVE-2025-1833 zj1983 zz HTTP Request Customer_noticeAction.java sendNotice server-side request forgery
A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Affected by this issue is the function sendNotice of the file src/main/java/com/futvan/z/erp/customernotice/CustomernoticeAction.java of the component HTTP Request Handler. The manipulation of the argumen...
CVE-2025-1833 zj1983 zz HTTP Request Customer_noticeAction.java sendNotice server-side request forgery
A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Affected by this issue is the function sendNotice of the file src/main/java/com/futvan/z/erp/customernotice/CustomernoticeAction.java of the component HTTP Request Handler. The manipulation of the argumen...
CVE-2025-1833
CVE-2025-1833 affects zj1983 zz (up to 2024-8) in the HTTP Request Handler’s function sendNotice. The root cause is manipulation of the parameter url, leading to server-side request forgery (SSRF). Exploitation is described as remote and publicly disclosed. Multiple sources corroborate the same d...
CVE-2025-0159
IBM FlashSystem IBM Storage Virtualize 8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1 could allow a remote attacker to bypas...
PT-2025-9219 · Zj1983 · Zj1983
Name of the Vulnerable Software and Affected Versions: zj1983 zz versions up to 2024-8 Description: A critical issue has been found in the function sendNotice of the file src/main/java/com/futvan/z/erp/customer notice/Customer noticeAction.java of the component HTTP Request Handler. The...
CVE-2025-0159
IBM FlashSystem IBM Storage Virtualize 8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1 could allow a remote attacker to bypas...
CVE-2025-0159
IBM FlashSystem IBM Storage Virtualize 8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1 could allow a remote attacker to bypas...
CVE-2025-0159 IBM FlashSystem authentication bypass
IBM FlashSystem IBM Storage Virtualize 8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1 could allow a remote attacker to bypas...