3693 matches found
CVE-2025-2833
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch th...
CVE-2025-2833 zhangyd-c OneBlog HTTP Header redos
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch th...
CVE-2025-2833
The CVE-2025-2833 entry concerns zhangyd-c OneBlog (≤2.3.9) where the HTTP Header Handler’s handling of X-Forwarded-For allows an attack via inefficient regular-expression complexity (a ReDoS-like issue). A remote attacker could exploit this vulnerability; exploitation details are present in con...
Shopify Pitchfork injection vulnerability
Shopify Pitchfork is a preforked HTTP server for a Rack application from Shopify Canada. An injection vulnerability exists in Shopify Pitchfork versions prior to 0.11.0 that stems from HTTP response header injection when used in conjunction with Rack 3...
Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to IBM WebSphere Application Server Liberty and FasterXML jackson-databind
Summary Vulnerabilities in IBM WebSphere Application Server Liberty and FasterXML jackson-databind such as HTTP header injection, identity spoofing, denial of service may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0...
USN-7372-1: Varnish vulnerability
Martin van Kervel Smedshammer discovered that Varnish did not properly sanitize certain HTTP headers. A remote attacker could possibly use this issue to perform a cross-site request forgery (CSRF) attack...
Security Bulletin: IBM Robotic Process Automation is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
Summary IBM Robotic Process Automation is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Vulnerability Details CVEID:CVE-2022-41292 DESCRIPTION: IBM Robotic Process Automation is vulnerable to HTTP header injection, caused by improper validation o...
Security Bulletin: IBM Aspera Faspex 5.0.0/5.0.1 affected by vulnerability (CVE-2022-22399)
Summary This security bulletin addresses an HTTP header injection vulnerability that has been remediated in IBM Aspera Faspex 5.0.2. Vulnerability Details CVEID:CVE-2022-22399 DESCRIPTION: IBM Aspera Faspex 5 is vulnerable to HTTP header injection, caused by improper validation of input by the HO...
CVE-2025-2358
A vulnerability was found in Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Kfxt/Service.asmx of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For lead...
CVE-2025-2358 Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System HTTP Header Service.asmx sql injection
A vulnerability was found in Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Kfxt/Service.asmx of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For lead...
CVE-2025-2358
CVE-2025-2358 affects Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System 1.0. The vulnerability is an SQL injection in the HTTP Header Handler, triggered by manipulating the X-Forwarded-For argument in requests to /Kfxt/Service.asmx. It is described as remotely exploitable and has...
The vulnerability of the PHP programming language interpreter, related to deficiencies in handling HTTP request headers, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability of the PHP programming language interpreter is related to deficiencies in the processing of HTTP request headers. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests (a type of HTTP Request Smuggling attack)...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to HTTP header injection due to the Django package (CVE-2021-32052)
Summary Django is used by IBM DataStage on Cloud Pak for Data as part of server processing. Vulnerability Details CVEID:CVE-2021-32052 DESCRIPTION: Django is vulnerable to HTTP header injection, caused by improper validation of input in URLValidator. By persuading a victim to visit a...
SUSE-SU-2025:20143-1 Security update for podman
This update for podman fixes the following issues: - CVE-2025-27144: Fixed gopkg.in/square/go-jose.v2,gopkg.in/go-jose/go-jose.v2,github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Go JOSE's Parsing Vulnerable to Denial of Service bsc1237641: - CVE-2024-11218: Fixed...
CVE-2023-35894
IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...
CVE-2023-35894 IBM Control Center HOST header injection
IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...
CVE-2023-35894
IBM Control Center (IBM Sterling Control Center) versions 6.2.1 and 6.3.1 are affected by CVE-2023-35894 due to improper validation of HOST header input, enabling HTTP header injection that can lead to cross-site scripting, cache poisoning, or session hijacking. Remediation per IBM bulletin: upgr...