24 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-5784

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9 | EPSS 0.0018
Exploits 0 | References 5
RedhatCVE
added 2025/05/22 8:52 a.m. | 3 views

CVE-2019-8136

An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in Symfony component...

CVSS 9.8 | AI score 6.7 | EPSS 0.0018
Exploits 0 | References 1
Vulnrichment
added 2025/04/10 1:25 p.m. | 16 views

CVE-2025-32395 Vite has an `server.fs.deny` bypass with an invalid `request-target`

Vite is a frontend tooling framework for JavaScript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow `#` in `request-target`. Although an attacker can sen...

CVSS 6 | AI score 6.8 | EPSS 0.03166
Exploits 2 | References 2
CVE
added 2025/04/10 1:25 p.m. | 1384 views

CVE-2025-32395

CVE-2025-32395 affects Vite (frontend tooling for JavaScript). The vulnerability arises when a dev server is exposed to the network on Node/Bun (not Deno) and a request-target containing a # is processed, bypassing server.fs.deny due to req.url handling. Affected versions prior to 6.2.6, 6.1.5, 6...

CVSS 6 | AI score 6.5 | EPSS 0.03166
Exploits 2 | References 2
Debian CVE
added 2024/11/06 8:56 p.m. | 12 views

CVE-2024-50345

symfony/http-foundation is a module for the Symfony PHP framework which defines an object-oriented layer for the HTTP specification. The Request class does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the Request class...

CVSS 6.1 | AI score 4.6 | EPSS 0.00394
Exploits 0
Vulnrichment
added 2024/11/06 8:56 p.m. | 11 views

CVE-2024-50345 Open redirect via browser-sanitized URLs in symfony/http-foundation

symfony/http-foundation is a module for the Symfony PHP framework which defines an object-oriented layer for the HTTP specification. The Request class does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the Request class...

CVSS 3.1 | AI score 6.7 | EPSS 0.00394
Exploits 0 | References 2
OSV
added 2024/05/30 12:41 a.m. | 14 views

GHSA-H7V2-2QWG-H829 Symfony has a security issue when parsing the Authorization header

All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpFoundation component are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintained anymore...

CVSS 5.3 | AI score 6.3
Exploits 0 | References 5
OSV
added 2022/05/24 5:0 p.m. | 11 views

GHSA-XGCP-59G2-WM8G Magento 2 Community Edition Insecure Component

An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in Symfony component...

CVSS 9.8 | AI score 9.3 | EPSS 0.0018
Exploits 0 | References 5
Tenable Nessus
added 2019/12/31 12:0 a.m. | 27 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : http-parser Multiple Vulnerabilities (NS-SA-2019-0257)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has http-parser packages installed that are affected by multiple vulnerabilities: - The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to b...

CVSS 7.5 | AI score 7.1 | EPSS 0.05572
Exploits 0 | References 3
NVD
added 2019/11/06 12:15 a.m. | 11 views

CVE-2019-8136

An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in Symfony component...

CVSS 9.8 | AI score 9.4 | EPSS 0.0018
Exploits 0 | References 1
Prion
added 2019/11/06 12:15 a.m. | 18 views

Design/Logic Flaw

An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in Symfony component...

CVSS 7.5 | AI score 9.3 | EPSS 0.0018
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2019/11/05 11:18 p.m. | 14 views

CVE-2019-8136

An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in Symfony component...

AI score 9.4 | EPSS 0.0018
Exploits 0 | References 1
Prion
added 2018/05/17 2:29 p.m. | 19 views

Input validation

The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...

CVSS 5 | AI score 6.2 | EPSS 0.00902
Exploits 0 | References 3 | Affected Software 1
Debian CVE
added 2018/05/17 2:0 p.m. | 25 views

CVE-2018-7159

The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...

CVSS 5.3 | AI score 6.8 | EPSS 0.00902
Exploits 0
FreeBSD
added 2018/03/21 12:0 a.m. | 43 views

node.js -- multiple vulnerabilities

Node.js reports: Node.js Inspector DNS rebinding vulnerability CVE-2018-7160 Node.js 6.x and later include a debugger protocol also known as "inspector" that can be activated by the --inspect and related command line flags. This debugger service was vulnerable to a DNS rebinding attack which coul...

CVSS 8.8 | AI score 7.1 | EPSS 0.01501
Exploits 0 | References 1
Tenable Nessus
added 2017/03/30 12:0 a.m. | 284 views

Amazon Linux AMI : tomcat6 (ALAS-2017-810)

It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP...

CVSS 7.5 | AI score 7 | EPSS 0.1091
Exploits 5 | References 3
OpenVAS
added 2013/12/17 12:0 a.m. | 16 views

Fedora Update for php-symfony2-HttpFoundation FEDORA-2013-22422

Check for the Version of php-symfony2-HttpFoundation OpenVAS Vulnerability Test Fedora Update for php-symfony2-HttpFoundation FEDORA-2013-22422 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

CVSS 5 | AI score 6.3 | EPSS 0.00474
Exploits 0 | References 2
OpenVAS
added 2013/08/23 12:0 a.m. | 21 views

Fedora Update for php-symfony2-HttpFoundation FEDORA-2013-14608

Check for the Version of php-symfony2-HttpFoundation OpenVAS Vulnerability Test Fedora Update for php-symfony2-HttpFoundation FEDORA-2013-14608 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

AI score 6.6 | EPSS 0.00928
Exploits 0 | References 2
OpenVAS
added 2013/08/23 12:0 a.m. | 22 views

Fedora Update for php-symfony2-HttpFoundation FEDORA-2013-14579

Check for the Version of php-symfony2-HttpFoundation OpenVAS Vulnerability Test Fedora Update for php-symfony2-HttpFoundation FEDORA-2013-14579 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

AI score 6.6 | EPSS 0.00928
Exploits 0 | References 2
OpenVAS
added 2012/12/10 12:0 a.m. | 11 views

Fedora Update for php-symfony2-HttpFoundation FEDORA-2012-19442

Check for the Version of php-symfony2-HttpFoundation OpenVAS Vulnerability Test Fedora Update for php-symfony2-HttpFoundation FEDORA-2012-19442 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

AI score 7.4
Exploits 0 | References 2