12 matches found

Amazon
added 2025/12/08 12:0 a.m. | 4 views

Medium: aws-cfn-bootstrap

Issue Overview: Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc...

CVSS 5.3 | AI score 6.6 | EPSS 0.00208
Exploits: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-5808

Malicious code in bioql PyPI...

CVSS 10 | AI score 6.6 | EPSS 0.00273
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-0866

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9 | EPSS 0.00539
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2021-9048

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 9.2 | EPSS 0.03737
Exploits: 1 | References: 1

Redos
added 2025/07/03 12:0 a.m. | 2 views

ROS-20250703-12

A vulnerability in the Requests HTTP library for the Python programming language is related to the fact that the library passes .netrc credentials to third parties for certain malicious URLs. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data...

CVSS 5.3 | AI score 5.4 | EPSS 0.00208
Exploits: 1

RedhatCVE
added 2025/05/22 7:12 p.m. | 2 views

CVE-2021-21877

Specially-crafted HTTP requests can lead to arbitrary command execution in “GET” requests. An attacker can make authenticated HTTP requests to trigger this vulnerability...

CVSS 9.1 | AI score 7 | EPSS 0.03737
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 5:50 p.m. | 3 views

CVE-2020-21989

HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges i...

CVSS 8.8 | AI score 6.9 | EPSS 0.00169
Exploits: 2

Cvelist
added 2025/05/20 12:0 a.m. | 7 views

CVE-2025-44084

D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerability by crafting specific HTTP requests, triggering the command execution flaw and gaining the highest privilege shell access to the firmware system...

EPSS 0.02047
Exploits: 0 | References: 1

Debian CVE
added 2025/05/13 12:0 a.m. | 10 views

CVE-2025-47905

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries...

CVSS 5.4 | AI score 5.9 | EPSS 0.0029
Exploits: 0

NVD
added 2025/03/11 3:15 p.m. | 3 views

CVE-2023-42784

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows an attacker to execute unauthorized code or commands via HTTP/S crafted requests...

CVSS 9.8 | EPSS 0.00117
Exploits: 0 | References: 1

Cvelist
added 2024/07/08 3:22 p.m. | 13 views

CVE-2023-50330

A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability...

CVSS 7.2 | EPSS 0.0731
Exploits: 0 | References: 1

CNNVD
added 2023/10/09 12:0 a.m. | 1 view

Hewlett Packard Enterprise MSA Controller Environment Issue Vulnerability

The Hewlett Packard Enterprise MSA Controller (HPE MSA Controller) is a series of controllers from Hewlett Packard Enterprise USA. A security vulnerability exists in versions prior to Hewlett Packard Enterprise MSA Controller IN210R004, which stems from a vulnerability that allows an attacker to...

CVSS 5.4 | AI score 6.7 | EPSS 0.00106
Exploits: 0 | References: 2