CVE-2025-27022 Path Traversal Vulnerability in Infinera G42

A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download all OS files via HTTP requests. Details: Lack or insufficient validation of user-supplied input allows authenticated users to access all files on the target...

PT-2025-27615

Name of the Vulnerable Software and Affected Versions: Infinera G42 version R6.1.3 Description: The issue allows remote authenticated users to download all OS files via HTTP requests due to a path traversal vulnerability in the WebGUI HTTP endpoint. This is caused by a lack or insufficient...

PT-2025-26664

Name of the Vulnerable Software and Affected Versions Linksys E-Series routers versions prior to a firmware update Linksys E4200 Linksys E3200 Linksys E3000 Linksys E2500 Linksys E2100L Linksys E2000 Linksys E1550 Linksys E1500 Linksys E1200 Linksys E1000 Linksys E900 Description An OS command...

vLLM DOS: Remotely kill vllm over http with invalid JSON schema

Summary Hitting the /v1/completions API with a invalid jsonschema as a Guided Param will kill the vllm server Details The following API call venv derekh@ip-172-31-15-108 $ curl -s http://localhost:8000/v1/completions -H "Content-Type: application/json" -d '"model":...

CVE-2023-41943

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...

CVE-2023-30529

Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...

CVE-2025-4901

A vulnerability classified as problematic was found in D-Link DI-7003GV2 24.04.18D1 R68125. Affected by this vulnerability is the function sub41E304 of the file /H5/stateview.data of the component HTTP Endpoint. The manipulation leads to information disclosure. The attack can only be done within...

CVE-2025-4901

A vulnerability classified as problematic was found in D-Link DI-7003GV2 24.04.18D1 R68125. Affected by this vulnerability is the function sub41E304 of the file /H5/stateview.data of the component HTTP Endpoint. The manipulation leads to information disclosure. The attack can only be done within...

CVE-2025-4901

A vulnerability classified as problematic was found in D-Link DI-7003GV2 24.04.18D1 R68125. Affected by this vulnerability is the function sub41E304 of the file /H5/stateview.data of the component HTTP Endpoint. The manipulation leads to information disclosure. The attack can only be done within...

CVE-2025-4901 D-Link DI-7003GV2 HTTP Endpoint state_view.data sub_41E304 information disclosure

A vulnerability classified as problematic was found in D-Link DI-7003GV2 24.04.18D1 R68125. Affected by this vulnerability is the function sub41E304 of the file /H5/stateview.data of the component HTTP Endpoint. The manipulation leads to information disclosure. The attack can only be done within...

CVE-2025-4901 D-Link DI-7003GV2 HTTP Endpoint state_view.data sub_41E304 information disclosure

A vulnerability classified as problematic was found in D-Link DI-7003GV2 24.04.18D1 R68125. Affected by this vulnerability is the function sub41E304 of the file /H5/stateview.data of the component HTTP Endpoint. The manipulation leads to information disclosure. The attack can only be done within...

CVE-2025-4901

CVE-2025-4901 affects D-Link DI-7003GV2 (HTTP Endpoint component). The vulnerable element is the function sub_41E304 in the file /H5/state_view.data, whose manipulation leads to information disclosure. Exploitation is described as possible only within the local network. Multiple connected sources...

PT-2025-21869 · D Link · D-Link Di-7003Gv2

Name of the Vulnerable Software and Affected Versions: D-Link DI-7003GV2 version 24.04.18D1 R68125 Description: A problematic vulnerability was found in the HTTP Endpoint component, specifically affecting the function sub 41E304 of the file /H5/state view.data. This issue leads to information...

GHSA-WR6W-JXG7-QPFH Jenkins Missing Permission Check

Jenkins 2.503 and earlier, LTS 2.492.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration. This is due to an...

CVE-2025-0426

A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk...

CVE-2025-0426

A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk...

CVE-2024-45106

Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other user. This is only possible if: ozone.s3g.secret.http.enabled is set to true. The default value of this configuration is...

CVE-2024-45106

CVE-2024-45106 describes an authentication flaw in the S3 Gateway of Apache Ozone 1.4.0 , where an authenticated Kerberos user can revoke and regenerate another user’s S3 secrets if: ozone.s3g.secret.http.enabled is true (default is false) the Kerberos principal is listed in ozone.s3.administrato...

CVE-2024-45106 Apache Ozone: Improper authentication when generating S3 secrets

Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other user. This is only possible if: ozone.s3g.secret.http.enabled is set to true. The default value of this configuration is...

PT-2024-31436 · Apache · Apache Ozone

Name of the Vulnerable Software and Affected Versions: Apache Ozone version 1.4.0 Description: The issue is related to improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone. This allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other...