CVE-2025-0159 IBM FlashSystem authentication bypass

IBM FlashSystem IBM Storage Virtualize 8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1 could allow a remote attacker to bypas...

Host Header Injection

leantime/leantime is vulnerable to Host Header Injection. The vulnerability is due to improper validation of the host header due to the system allowing attackers to manipulate HTTP request headers, leading to unauthorized access to user details...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ruby2.5 (SUSE-SU-2025:0736-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0736-1 advisory. - CVE-2024-47220: Fixed a HTTP request smuggling attack in WEBrick bsc1230930 - CVE-2024-49761:...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Gunicorn

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Gunicorn Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting...

SUSE-SU-2025:0736-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2024-47220: Fixed a HTTP request smuggling attack in WEBrick bsc1230930 - CVE-2024-49761: Fixed a ReDoS vulnerability in ruby rexml bsc1232440 Other fixes: - ruby/uri Fix quadratic backtracking on invalid relative URI - ruby/time Make...

Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2025-845)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-845 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode...

Security Bulletin: Vulnerability in gunicorn affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-1135]

Summary The gunicorn package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-1135. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the...

openSUSE Security Advisory (SUSE-SU-2024:2881-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7284-1 netty vulnerabilities

Jonathan Leitschuh discovered that Netty did not correctly handle file permissions when writing temporary files. An attacker could possibly use this issue to leak sensitive information. CVE-2022-24823 It was discovered that Netty did not correctly handle limiting the number of fields when decodin...

acp2sev 7.2.2 Cross Site Scripting Vulnerability

Exploit Title: Self Stored XSS - acp2sev7.2.2 Date: 02/2025 Exploit Author: Andrey Stoykov Version: 7.2.2 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2025/02/friday-fun-pentest-series-19-self.html Self Stored XSS 1: Steps to Reproduce: 1. Visit...

Medium: php8.1

Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...

Exploit for Missing Authentication for Critical Function in Paloaltonetworks Pan-Os

This tool tests whether a target PAN-OS device is vulnerable to...

Regular Expression Denial Of Service (ReDoS)

@octokit/request-error is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression processing in the handling of HTTP request headers. Specifically, the regex used to process authorization headers fails to handle excessive whitespace...

Cisco Secure Web Appliance Input Validation Error Vulnerability

Cisco Secure Web Appliance is an application from Cisco USA. An input validation error vulnerability exists in Cisco Secure Web Appliance that stems from improper handling of HTTP request headers and can be exploited by an attacker to download malicious files...

RHEL 8 : RHUI 4.11 (RHSA-2025:1335)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1335 advisory. Red Hat Update Infrastructure RHUI provides a highly scalable and redundant framework for managing repositories and content. It also allows...

Tenda W18E Authorization Issue Vulnerability (CNVD-2025-05370)

The Tenda W18E is a wireless router from the Chinese company Tenda. An authorization issue vulnerability exists in the Tenda W18E version 16.01.0.81625, which stems from improper authentication of the device and can be exploited by an attacker to gain administrative access by sending a specially...

GHSA-XX4V-PRFH-6CGC @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long sequence of spaces followed by a newline and "@", an attacker can exploit inefficient regular expression processin...

CVE-2025-0178 WatchGaurd Firebox Host Header Injection Vulnerability

Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites, poison the web cache, or inject malicious...

CVE-2024-32638

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Apache APISIX when using forward-auth plugin.This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue...

CVE-2023-46297

An issue was discovered on Mercusys MW325R EU V3 MW325REUV31.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data sent by the user does not occur. The web server does not crash, but the admin interface...