2481 matches found
CVE-2026-27193
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, all HTTP request headers are stored in the session cookie, which is signed but not encrypted, exposing internal proxy/gateway headers to clients. The OAuth servi...
CVE-2025-8308
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Key Software Solutions Inc. INFOREX- General Information Management System allows XSS Through HTTP Headers. This issue affects INFOREX- General Information Management System: from 2025 and...
CVE-2025-8308
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Key Software Solutions Inc. INFOREX- General Information Management System allows XSS Through HTTP Headers. This issue affects INFOREX- General Information Management System: from 2025 and...
CVE-2025-8308 Reflected XSS in Key Software's INFOREX
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Key Software Solutions Inc. INFOREX- General Information Management System allows XSS Through HTTP Headers. This issue affects INFOREX- General Information Management System: from 2025 and...
PT-2026-20390
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Key Software Solutions Inc. INFOREX- General Information Management System allows XSS Through HTTP Headers.This issue affects INFOREX- General Information Management System: from 2025 and...
nodejs: Nodejs denial of service
A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...
SHARP MFPs Out-of-Bounds Vulnerabilities (CVE-2024-43424)
Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
USN-8032-1 python-aiohttp vulnerabilities
Charles Chan discovered that AIOHTTP incorrectly handled the decompression of compressed requests. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 25.10. CVE-2025-69223 Thomas Rinsma discovered that AIOHTTP incorrectly handled...
CVE-2026-26234 JUNG Smart Visu Server - Improper Neutralization of HTTP Headers for Scripting Syntax
JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache...
php: Streams HTTP wrapper does not fail for headers with invalid name and no colon
A flaw was found in PHP. This vulnerability allows applications to accept invalid headers via malformed HTTP headers missing a colon :, which may confuse applications into processing them as valid headers...
tornado: Tornado Quadratic DoS via Repeated Header Coalescing
A denial of service flaw has been discovered in the Tornado networking library. In Tornado, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation when the...
tornado: Tornado Quadratic DoS via Repeated Header Coalescing
A denial of service flaw has been discovered in the Tornado networking library. In Tornado, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation when the...
tornado: Tornado Quadratic DoS via Repeated Header Coalescing
A denial of service flaw has been discovered in the Tornado networking library. In Tornado, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation when the...
tornado: Tornado Quadratic DoS via Repeated Header Coalescing
A denial of service flaw has been discovered in the Tornado networking library. In Tornado, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation when the...
nodejs: Nodejs denial of service
A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...
nodejs: Nodejs denial of service
A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...
GHSA-V34V-RQ6J-CJ6P LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection
Summary The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary apiurl values through the baggage header, causing the SDK to exfiltrate sensitive trace data to attacker-controlled endpoints. ---...
CVE-2025-71031
Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of service by consuming RAM memory...
CVE-2025-7760 Reflected XSS in Ofisimo's Association Web Package Flora
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HTTP Headers. This issue affects Association Web Package Flora: from v3.0 through 03022026. NOTE: The...
CVE-2025-7760
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HTTP Headers. This issue affects Association Web Package Flora: from v3.0 through 03022026. NOTE: The...