CVE-2025-50404

Intelbras RX1500 Router v2.2.17 and before is vulnerable to Integer Overflow. The websReadEvent function incorrectly uses the int type when processing the "command" field of the http header, causing the array to cross the boundary and overwrite other fields in the array...

EulerOS 2.0 SP13 : golang (EulerOS-SA-2025-1687)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate...

CVE-2025-6762

A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...

CVE-2025-6762

A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...

CVE-2025-6762 diyhi bbs HTTP Header login getUrl server-side request forgery

A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...

CVE-2025-6762 diyhi bbs HTTP Header login getUrl server-side request forgery

A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...

CVE-2025-6762

CVE-2025-6762 affects diyhi bbs up to version 6.8. The issue is in the HTTP Header Handler’s getUrl function for /admin/login, where manipulating the Host argument enables server-side request forgery (SSRF). Exploitation is possible remotely and has been disclosed publicly. Connected documents co...

PT-2025-27142 · Diyhi Bbs · Diyhi Bbs

Name of the Vulnerable Software and Affected Versions: diyhi bbs versions up to 6.8 Description: A critical issue has been discovered that affects the getUrl function of the /admin/login file in the HTTP Header Handler component. The manipulation of the Host argument leads to server-side request...

CVE-2025-52887 cpp-httplib has unlimited number of http header fields, which causes memory leak

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be released when the connection is disconnected...

CVE-2025-49593

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. Prior to STS version 2.31.0 and LTS version 2.27.7, if a Portainer administrator can be convinced to register a maliciou...

Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to 20.19.2: CVE-2025-23166: improper error handling in async cryptographic operations crashes process bsc1243218. CVE-2025-23167: improper HTTP header block termination in llhttp bsc1243220. CVE-2025-23165: add missing call to...

PT-2025-25764 · Unknown +3 · Portainer Community Edition +4

Name of the Vulnerable Software and Affected Versions: Portainer Community Edition versions prior to 2.31.0 STS and prior to 2.27.7 LTS Description: The issue affects a lightweight service delivery platform for containerized applications, allowing management of Docker, Swarm, Kubernetes, and ACI...

TencentOS Server 3: nodejs (TSSA-2023:0049)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0049 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Incorrect Access Control

Erxes is vulnerable to Incorrect Access Control. The vulnerability is due to authentication bypass due to improper validation of the User HTTP header, allowing attackers to impersonate users and access any GraphQL endpoint...

Important: nodejs20

Issue Overview: Corrupted pointer in node::fs::ReadFileUtf8const FunctionCallbackInfo& args when args0 is a string, resulting in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service. Info:...

PT-2025-26727

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Firefox ESR versions prior to 128.12 Description: The issue arises when a file download is specified via the Content-Disposition header, but this directive is ignored if the file is included via an or tag. This...

Cross-site Scripting (XSS)

Overview django-aws-api-gateway-websockets is a Created to allow Django projects to be used as a HTTP backend for AWS API Gateway websockets Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the lack of sanitization an HTTP header in the...

libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header

A flaw was found in libsoup, where the soupmessageheadersgetcontentdisposition function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function...

CVE-2025-5146

A vulnerability has been found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2 and NBR200V2 up to 20250508 and classified as critical. This vulnerability affects the function passwdset of the file /usr/bin/routerd of the component HTTP Header Handler. The manipulation of the...

CVE-2025-5146 Netcore NBR200V2 HTTP Header routerd passwd_set command injection

A vulnerability has been found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2 and NBR200V2 up to 20250508 and classified as critical. This vulnerability affects the function passwdset of the file /usr/bin/routerd of the component HTTP Header Handler. The manipulation of the...