1607 matches found

Snyk
added 2025/11/26 10:44 p.m., 11 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the HttpClient which has a built-in XSRF protection mechanism. An attacker can obtain sensitive authentication tokens by crafting requests using protocol-relative URLs that cause the...

8.6 CVSS, 6.9 AI score, 0.00189 EPSS
Exploits: 0, References: 2
Debian CVE
added 2025/11/26 10:18 p.m., 3 views

CVE-2025-66035

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential...

7.7 CVSS, 5.9 AI score, 0.00189 EPSS
Exploits: 0
vulnersOsv
added 2025/11/25 9:32 p.m., 4 views

com.erudika:para-search-elasticsearch (=1.42.0), org.codelibs.fesen.client:fesen-httpclient (>=3.0.0 <=3.2.0) +43 more potentially affected by CVE-2025-9624 via org.opensearch:opensearch-common (>=3.0.0 <=3.2.0)

org.opensearch:opensearch-common MAVEN version =3.0.0, =3.0.0, =15.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0.0, =3.22.0, =3.0.0, =3.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.2 and more Source cves: CVE-2025-9624 Source advisory: OSV:GHSA-MW3V-MMFW-3X2G...

8.3 CVSS, 5.8 AI score, 0.00012 EPSS
Exploits: 1
Github Security Blog
added 2025/11/20 3:30 p.m., 5 views

Resty has a Path Traversal vulnerability

A security vulnerability has been detected in Dreampie Resty versions up to the 1.3.1.SNAPSHOT. This affects the function Request of the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the component HttpClient Module. Such manipulation of the argument filename leads to...

8.1 CVSS, 6.5 AI score, 0.00316 EPSS
Exploits: 1, References: 6, Affected Software: 1
CVE
added 2025/11/20 1:32 a.m., 11 views

CVE-2025-13435

Dreampie Resty has a path traversal vulnerability (CVE-2025-13435) affecting HttpClient.java in Resty versions up to 1.3.1.SNAPSHOT. The issue arises from improper handling of the filename argument in Request, enabling potential remote exploitation. The vulnerability is described as highly comple...

8.1 CVSS, 5.5 AI score, 0.00316 EPSS
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2025/11/20 1:32 a.m., 11 views

CVE-2025-13435 Dreampie Resty HttpClient HttpClient.java request path traversal

A security vulnerability has been detected in Dreampie Resty up to 1.3.1.SNAPSHOT. This affects the function Request of the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the component HttpClient Module. Such manipulation of the argument filename leads to path traversa...

6.3 CVSS, 0.00316 EPSS
Exploits: 1, References: 4
GitLab Advisory Database
added 2025/11/20 12:0 a.m., 5 views

Resty has a Path Traversal vulnerability

A security vulnerability has been detected in Dreampie Resty versions up to the 1.3.1.SNAPSHOT. This affects the function Request of the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the component HttpClient Module. Such manipulation of the argument filename leads to...

8.1 CVSS, 6.5 AI score, 0.00316 EPSS
Exploits: 1, References: 7
IBM Security Bulletins
added 2025/11/19 3:6 p.m., 6 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM DevOps Code ClearCase

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM DevOps Code ClearCase. CVE-2025-9230 , CVE-2025-9232 Vulnerability Details CVEID:CVE-2025-9230 DESCRIPTION: Issue summary: An application trying to decrypt CMS messages encrypted using password based...

7.5 CVSS, 7.4 AI score, 0.00069 EPSS
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2025/11/13 12:0 a.m., 2 views

Siemens SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2021-3737)

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability...

7.5 CVSS, 6.9 AI score, 0.00119 EPSS
Exploits: 1, References: 4
Cvelist
added 2025/11/13 12:0 a.m., 3 views

CVE-2025-52186

Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c 2025-06-02 contains a Server-Side Request Forgery SSRF vulnerability in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing remote attackers to force the server to...

0.00231 EPSS
Exploits: 1, References: 2
OSV
added 2025/11/10 12:0 p.m., 3 views

RUSTSEC-2025-0114 tandem_http_client is unmaintained

The tandem crates in https://github.com/sine-fdn are no longer maintained by the SINE Foundation. The repository has been archived. Recommended alternative We are continuing our work on SMPC by implementing our secure multi-party computation engine Polytune...

6.9 AI score
Exploits: 0, References: 3
RustSec
added 2025/11/10 12:0 p.m., 3 views

tandem_http_client is unmaintained

The tandem crates in https://github.com/sine-fdn are no longer maintained by the SINE Foundation. The repository has been archived. Recommended alternative We are continuing our work on SMPC by implementing our secure multi-party computation engine Polytune...

7 AI score
Exploits: 0
Fedora
added 2025/11/10 12:47 a.m., 2 views

[SECURITY] Fedora 43 Update: rust-reqsign-http-send-reqwest-2.0.1-1.fc43

Reqwest-based HTTP client implementation for reqsign...

7 AI score
Exploits: 0
Fedora
added 2025/11/05 2:13 a.m., 4 views

[SECURITY] Fedora 43 Update: rust-reqsign-http-send-reqwest-2.0.0-1.fc43

Reqwest-based HTTP client implementation for reqsign...

8.1 CVSS, 7 AI score, 0.00017 EPSS
Exploits: 1
Fedora
added 2025/11/03 1:7 a.m., 5 views

[SECURITY] Fedora 42 Update: rust-reqsign-http-send-reqwest-2.0.0-1.fc42

Reqwest-based HTTP client implementation for reqsign...

8.1 CVSS, 7 AI score, 0.00017 EPSS
Exploits: 1
AstraLinux
added 2025/11/01 10:54 a.m., 3 views

Astra Linux - vulnerability in openssl

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'noproxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash...

5.9 CVSS, 5.6 AI score, 0.00069 EPSS
Exploits: 0, References: 3
OSV
added 2025/10/22 8:7 p.m., 3 views

MGASA-2025-0242 Updated haproxy packages fix security vulnerability & bugs

Haproxy has a critical, a major, few medium and few minor bugs fixed in the last upstream version 2.8.16 of branch 2.8. Fixed critical bug list: - mjson: fix possible DoS when parsing numbers Fixed major bug list: - listeners: transfer connection accounting when switching listeners Fixed medium...

7.5 CVSS, 6.9 AI score, 0.00468 EPSS
Exploits: 0, References: 4
Mageia
added 2025/10/20 7:51 p.m., 4 views

Updated quictls packages with two security issues and bug fixes

Two security issues and miscellaneous minor bug fixes. Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. CVE-2025-9230 Fix Out-of-bounds read in HTTP client noproxy handling. CVE-2025-9232...

7.5 CVSS, 7.2 AI score, 0.00069 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/17 2:22 p.m., 3 views

EUVD-2025-34883

In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior...

8.8 CVSS, 6.5 AI score, 0.00168 EPSS
Exploits: 1, References: 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-0377

Malware in sbrugna...

7.5 CVSS, 7.5 AI score, 0.00434 EPSS
Exploits: 0, References: 6