3691 matches found
CVE-2025-4328
A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file...
CVE-2025-4328 fp2952 spring-cloud-base HTTP Header MvcController.java sendBack redirect
A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file...
PT-2025-19924 · Unknown · Spring-Cloud-Base
Name of the Vulnerable Software and Affected Versions: spring-cloud-base versions up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. Description: A problem has been declared in the function sendBack of the file...
PT-2025-19983
Name of the Vulnerable Software and Affected Versions: FastAPI Guard versions prior to 2.0.0. Description: An HTTP header injection issue has been identified in FastAPI Guard. By manipulating the X-Forwarded-For header, an attacker can potentially inject arbitrary IP addresses into the request. This...
spring-cloud-base security vulnerability
spring-cloud-base is an application by the individual developer fp2952. A security vulnerability exists in spring-cloud-base, which originates in the HTTP Header Handler component in the file /spring-cloud-base-master/auth-center/auth-center-provider/src/main/java/com/...
libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header
A flaw was found in libsoup, where the soup_message_headers_get_content_disposition function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function...
PT-2025-28189 · Ооо 'Сегнетикс' · Segnetics Smconfig
A vulnerability in the Segnetics SMConfig system settings configurator is related to a lack of protection of transmitted data. Exploitation of the vulnerability may allow a remote attacker to disclose protected information by reading the Set-Cookie HTTP header...
PT-2025-18236 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server, affected versions not specified. Description: The issue concerns an HTTP Header Injection in the Apache HTTP Server. No specific details about the number of potentially affected devices or real-world incidents are provided...
ADC-13.1-Error "Custom header name is too long" with rewrite action DELETE_HTTP_HEADER in Netscaler
When you want to delete the HTTP header "X-Permitted-Cross-Domain-Policies" with the rewrite action DELETE_HTTP_HEADER, Netscaler prompts this error: "Custom header name is too long"...
CVE-2025-2767
Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability. The specific flaw exist...
Security Bulletin: IBM i is vulnerable to a host header injection attack due to improper neutralization of HTTP header content by IBM Navigator for i [CVE-2025-2950].
Summary: IBM i is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in the...
CVE-2025-2950
IBM i (versions 7.3, 7.4, 7.5, and 7.6) is affected by a host header injection vulnerability due to improper neutralization of HTTP header content in IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to alter the domain/IP, potentially causing unexpected b...
CVE-2025-2950 IBM i improper HTTP header neutralization
IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior...
IBM i security vulnerability
IBM i is a suite of operating systems from International Business Machines (IBM) running on IBM Power Systems and IBM PureSystems. IBM i has an improper content neutralization vulnerability that originates from improper neutralization of HTTP header content, which can be exploited by a...
PT-2025-17301 · Ibm · Ibm I +1
Name of the Vulnerable Software and Affected Versions: IBM i versions 7.3 through 7.5. Description: The issue is caused by improper neutralization of HTTP header content by IBM Navigator for i, allowing an authenticated user to manipulate the host header in HTTP requests. This can lead to changing...
CVE-2022-43847
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...
Security Bulletin: Multiple Vulnerabilities in IBM Datacap
Summary: Multiple vulnerabilities were addressed in IBM Datacap version 9.1.9 Interim Fix 005. Vulnerability Details: CVEID: CVE-2024-39734. DESCRIPTION: IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers...