2482 matches found

Tenable Nessus
added 2025/08/30 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-41915

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling...

CVSS 6.5 · AI score 6.9 · EPSS 0.00524
Exploits: 1 · References: 2

OSV
added 2025/08/27 7:25 p.m. · 5 views

CLSA-2025-1756322698 php: Fix of CVE-2025-1736

CVE-2025-1736: fix incorrect validation of CRLF in http headers...

CVSS 7.3 · AI score 6.4 · EPSS 0.00546
Exploits: 0 · References: 1

RedhatCVE
added 2025/08/06 12:13 a.m. · 16 views

CVE-2025-44957

Ruckus SmartZone SZ before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers...

CVSS 8.8 · AI score 9 · EPSS 0.0018
Exploits: 0 · References: 1

NVD
added 2025/08/04 5:15 p.m. · 3 views

CVE-2025-44957

Ruckus SmartZone SZ before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers...

CVSS 8.8 · EPSS 0.0018
Exploits: 0 · References: 4

Cvelist
added 2025/08/04 12:0 a.m. · 7 views

CVE-2025-44957

Ruckus SmartZone SZ before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers...

CVSS 8.5 · EPSS 0.0018
Exploits: 0 · References: 3

CVE
added 2025/08/04 12:0 a.m. · 41 views

CVE-2025-44957

CVE-2025-44957 affects Ruckus SmartZone (SZ) prior to 6.1.2p3 Refresh Build. The issue enables authentication bypass using a valid API key and crafted HTTP headers, potentially granting administrator access. Connected PT security notes corroborate the affected software and specify that the workar...

CVSS 8.8 · AI score 8.8 · EPSS 0.0018
Exploits: 0 · References: 4 · Affected Software: 1

Redos
added 2025/08/04 12:0 a.m. · 3 views

ROS-20250804-21

A vulnerability in the cURL command line utility interface is related to the allocation of unlimited memory when processing HTTP headers. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...

CVSS 7.5 · AI score 7 · EPSS 0.14467
Exploits: 1

Redos
added 2025/08/04 12:0 a.m. · 6 views

ROS-20250804-01

A vulnerability in the cURL command line utility interface is related to the allocation of unlimited memory when processing HTTP headers. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...

CVSS 7.5 · AI score 6 · EPSS 0.14467
Exploits: 1

Vulnrichment
added 2025/08/04 12:0 a.m. · 1 views

CVE-2025-44957

Ruckus SmartZone SZ before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers...

CVSS 8.5 · AI score 9.7 · EPSS 0.0018
Exploits: 0 · References: 3

OSV
added 2025/08/01 1:15 p.m. · 2 views

CVE-2025-41376

CRLF Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via '/index.php/survey/index/sid//token/fwyfw%0d%0aCookie:%20POC'...

CVSS 5.3 · AI score 6
Exploits: 0 · References: 1

RedhatCVE
added 2025/08/01 12:6 a.m. · 2 views

CVE-2025-50578

LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP headers, specifically X-Forwarded-Host and Referer. An unauthenticated remote attacker can manipulate these headers to perform Host Header Injection and Open Redirect attacks. This allows the loading...

CVSS 9.8 · AI score 7.7 · EPSS 0.03179
Exploits: 1 · References: 1

Cvelist
added 2025/07/30 12:0 a.m. · 8 views

CVE-2025-50578

LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP headers, specifically X-Forwarded-Host and Referer. An unauthenticated remote attacker can manipulate these headers to perform Host Header Injection and Open Redirect attacks. This allows the loading...

EPSS 0.03179
Exploits: 1 · References: 3

CVE
added 2025/07/30 12:0 a.m. · 27 views

CVE-2025-50578

Heimdall 2.6.3-ls307 (LinuxServer.io) contains a vulnerability in handling user-supplied HTTP headers, specifically X-Forwarded-Host and Referer. An unauthenticated remote attacker can manipulate these headers to perform Host Header Injection and Open Redirects, enabling loading of external resou...

CVSS 9.8 · AI score 7.6 · EPSS 0.03179
Exploits: 1 · References: 3 · Affected Software: 1

Positive Technologies
added 2025/07/30 12:0 a.m. · 5 views

PT-2025-31395

Name of the Vulnerable Software and Affected Versions: heimdall version 2.6.3-ls307. Description: The application does not properly validate user-supplied HTTP headers, specifically X-Forwarded-Host and Referer. This allows for Host Header Injection and Open Redirect attacks. An unauthenticated remo...

CVSS 9.8 · AI score 6 · EPSS 0.03179
Exploits: 1 · References: 9

Vulnrichment
added 2025/07/30 12:0 a.m. · 3 views

CVE-2025-50578

LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP headers, specifically X-Forwarded-Host and Referer. An unauthenticated remote attacker can manipulate these headers to perform Host Header Injection and Open Redirect attacks. This allows the loading...

AI score 7 · EPSS 0.03179
Exploits: 1 · References: 3

Rockylinux
added 2025/07/29 1:38 p.m. · 4 views

java-17-openjdk security update

An update is available for java-17-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The java-17-openjdk packages provide the OpenJDK 17 Java Runtime...

CVSS 8.6 · AI score 6.9 · EPSS 0.02123
Exploits: 1

Positive Technologies
added 2025/07/25 12:0 a.m. · 4 views

PT-2025-30891 · Unknown · Openblow Whistleblowing Platform

Name of the Vulnerable Software and Affected Versions: OpenBlow whistleblowing platform (affected versions not specified). Description: A client-side security misconfiguration exists due to the absence of critical HTTP response headers, including Content-Security-Policy, Referrer-Policy,...

CVSS 8.4 · AI score 5.7 · EPSS 0.00109
Exploits: 0 · References: 5

Veracode
added 2025/07/21 6:46 a.m. · 3 views

Improper Handling Of HTTP Headers

on-headers is vulnerable to Improper Handling of HTTP Headers. The vulnerability is due to unexpected header modification caused by incorrect processing when an array is passed to response.writeHead, potentially altering response headers unintentionally...

CVSS 3.4 · AI score 6 · EPSS 0.0003
Exploits: 0 · References: 6 · Affected Software: 1

Tenable Nessus
added 2025/07/18 12:0 a.m. · 5 views

Ubuntu 16.04 LTS / 18.04 LTS : PHP vulnerabilities (USN-7645-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7645-1 advisory. It was discovered that PHP incorrectly parsed certain HTTP response headers. An attacker could possibly use this issue to cause incorrect MIM...

CVSS 9.8 · AI score 6.2 · EPSS 0.0103
Exploits: 1 · References: 5

Ubuntu
added 2025/07/17 3:38 p.m. · 8 views

USN-7645-1: PHP vulnerabilities

It was discovered that PHP incorrectly parsed certain HTTP response headers. An attacker could possibly use this issue to cause incorrect MIME type parsing which could result in unexpected behavior. (CVE-2025-1217) It was discovered that PHP did not properly validate certain HTTP headers. An attack...

CVSS 9.8 · AI score 6.2 · EPSS 0.0103
Exploits: 1