3681 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-66577
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to...
CVE-2025-66570
cpp-httplib is affected by CVE-2025-66570 through headers handling in httplib.h prior to 0.27.0. Attacker-controlled HTTP headers named REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT can be parsed into the request header multimap by read_headers(), then reused by Server::process_request, potent...
RockyLinux 8 : container-tools:rhel8 (RLSA-2023:2758)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2758 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions CVE-2022-196...
CVE-2025-62691
Security Point Windows of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with SYSTEM privilege...
CVE-2025-62691
Affected software: Security Point (Windows) of MaLion and MaLionCloud. Vulnerability: stack-based buffer overflow while processing HTTP headers, enabling a remote unauthenticated attacker to execute arbitrary code with SYSTEM privileges. Impact: arbitrary code execution with SYSTEM rights on v...
CVE-2025-13434 jameschz Hush Framework HTTP Host Header Util.php http headers for scripting syntax
A weakness has been identified in jameschz Hush Framework 2.0. The impacted element is an unknown function of the file Hush\hush-lib\hush\Util.php of the component HTTP Host Header Handler. This manipulation of the argument $_SERVER['HOST'] causes improper neutralization of http headers for scriptin...
TencentOS Server 4: nodejs20 (TSSA-2025:0415)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0415 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
TencentOS Server 4: libsoup3 (TSSA-2025:0587)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0587 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
TencentOS Server 3: libsoup (TSSA-2024:0904)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0904 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics Advanced Certified Containers
Summary: Multiple vulnerabilities were addressed in IBM Planning Analytics Advanced Certified Containers 3.1.2. Vulnerability Details: CVEID: CVE-2025-23166. DESCRIPTION: The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a...
CVE-2024-47866 RGW DoS attack with empty HTTP header in S3 object copy
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...
Linux Distros Unpatched Vulnerability : CVE-2025-60876
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split an...
HTTP Header Injection
Overview: Affected versions of this package are vulnerable to HTTP Header Injection via the processing of HTTP headers containing underscores, which are normalized to dashes by certain upstream applications. Authenticated users can escalate privileges by injecting specially crafted XForwarded-...
DEBIAN-CVE-2025-60876
BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...
CVE-2025-60876
CVE-2025-60876 affects BusyBox wget up to 1.3.7. The issue stems from accepting raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target, allowing the request-line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape, a raw s...
PT-2025-44791
Name of the Vulnerable Software and Affected Versions: lighttpd version 1.4.80. Description: The software improperly merges trailer fields into headers following HTTP request parsing, which can be leveraged to carry out HTTP Header Smuggling attacks. Successful exploitation could allow an attacker t...
AZL-69254 CVE-2025-58186 affecting package golang 1.26.0-1
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...
Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4j2-BugMaker CVE-2021-44228 Log4Shell Vulnerability Dem...