
5908 matches found

Debian CVE
added 2025/03/21 12:0 a.m. | 10 views

CVE-2025-30346

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...

CVSS 5.4 | AI score 5.6 | EPSS 0.00286
Exploits: 0
Vulnrichment
added 2025/03/21 12:0 a.m. | 10 views

CVE-2025-30346

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...

CVSS 5.4 | AI score 7.2 | EPSS 0.00286
Exploits: 0 | References: 1
Cvelist
added 2025/03/21 12:0 a.m. | 11 views

CVE-2025-30346

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...

CVSS 5.4 | EPSS 0.00286
Exploits: 0 | References: 1
IBM Security Bulletins
added 2025/03/20 5:52 p.m. | 28 views

Security Bulletin: WebSphere Message Broker and IBM Integration Bus are affected by confidentiality vulnerability (CVE-2015-7399)

Summary WebSphere Message Broker and IBM Integration Bus could allow a potential attacker to identify the technology used to handle incoming HTTP requests Vulnerability Details CVEID: CVE-2015-7399 DESCRIPTION: IBM Integration Bus could allow a potential attacker to identify the technology used t...

CVSS 5.3 | AI score 5.4 | EPSS 0.01869
Exploits: 0 | Affected Software: 2
NVD
added 2025/03/20 10:15 a.m. | 11 views

CVE-2024-4023

A stored cross-site scripting XSS vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a .xsig extension and directly accesses this file, the server responds with a Content-type of application/octet-stream, leading to the file being processed as an HTML fil...

CVSS 8.1 | EPSS 0.00746
Exploits: 1 | References: 2
Vulnrichment
added 2025/03/20 10:8 a.m. | 7 views

CVE-2024-12068 Server-Side Request Forgery in haotian-liu/llava

A Server-Side Request Forgery SSRF vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. This vulnerability allows an attacker to make the server perform HTTP requests to arbitrary URLs, potentially accessing sensitive data that is only accessible from the server, such...

CVSS 7.5 | AI score 7.5 | EPSS 0.00646
Exploits: 1 | References: 1
Cvelist
added 2025/03/20 10:8 a.m. | 8 views

CVE-2024-12068 Server-Side Request Forgery in haotian-liu/llava

A Server-Side Request Forgery SSRF vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. This vulnerability allows an attacker to make the server perform HTTP requests to arbitrary URLs, potentially accessing sensitive data that is only accessible from the server, such...

CVSS 7.5 | EPSS 0.00646
Exploits: 1 | References: 1
CVE
added 2025/03/20 10:8 a.m. | 42 views

CVE-2024-12068

CVE-2024-12068 affects haotian-liu/llava (Git commit c121f04). The vulnerability is a Server-Side Request Forgery (SSRF) that lets the server perform HTTP requests to arbitrary URLs, potentially exposing data only reachable from the server, such as AWS metadata credentials. A PoC/exploitation wor...

CVSS 7.5 | AI score 7.5 | EPSS 0.00646
Exploits: 1 | References: 1 | Affected Software: 1
RedhatCVE
added 2025/03/15 6:20 a.m. | 16 views

CVE-2023-37933

An improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability CWE-79 in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows an authenticated attacker to perform an XSS attack via crafted HTTP or HTTPs requests...

CVSS 8.8 | AI score 5.9 | EPSS 0.00302
Exploits: 0 | References: 1
NVD
added 2025/03/14 5:15 p.m. | 17 views

CVE-2024-55594

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests...

CVSS 9.8 | EPSS 0.00485
Exploits: 0 | References: 1
OSV
added 2025/03/14 5:15 p.m. | 4 views

CVE-2024-55594

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests...

CVSS 9.8 | AI score 5.9 | EPSS 0.00485
Exploits: 0 | References: 1
CVE
added 2025/03/14 4:25 p.m. | 54 views

CVE-2024-55594

CVE-2024-55594 affects Fortinet FortiWeb prior to versions 7.4.0–7.4.6, 7.2.0–7.2.10, and 7.0.0–7.0.10. The issue arises from improper handling of syntactically invalid structure in HTTP/S requests, enabling an unauthenticated attacker to execute unauthorized code or commands. The NVD CVSSv3.1 ba...

CVSS 9.8 | AI score 7.5 | EPSS 0.00485
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/03/14 4:25 p.m. | 13 views

CVE-2024-55594

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests...

CVSS 5.6 | EPSS 0.00485
Exploits: 0 | References: 1
OSV
added 2025/03/12 3:15 p.m. | 17 views

CVE-2025-29891

Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases. This vulnerability is...

CVSS 4.8 | AI score 6.7 | EPSS 0.79817
Exploits: 4 | References: 3
NVD
added 2025/03/11 3:15 p.m. | 11 views

CVE-2024-54026

An improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandb...

CVSS 8.8 | EPSS 0.00377
Exploits: 0 | References: 1
NVD
added 2025/03/11 3:15 p.m. | 9 views

CVE-2023-42784

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests...

CVSS 9.8 | EPSS 0.00353
Exploits: 0 | References: 1
Vulnrichment
added 2025/03/11 2:54 p.m. | 12 views

CVE-2024-54026

An improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandb...

CVSS 4.3 | AI score 7.2 | EPSS 0.00377
Exploits: 0 | References: 1
Cvelist
added 2025/03/11 2:54 p.m. | 8 views

CVE-2024-54026

An improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandb...

CVSS 4.3 | EPSS 0.00377
Exploits: 0 | References: 1
CVE
added 2025/03/11 2:54 p.m. | 47 views

CVE-2024-54026

CVE-2024-54026 affects Fortinet FortiSandbox family (FortiSandbox 4.4.x, 4.2.x, 4.0.x, 3.2.x, 3.1.x, 3.0.x, and FortiSandbox Cloud 24.1) with an SQL injection due to improper neutralization of SQL commands. An attacker can exploit this via specially crafted HTTP requests to execute unauthorized c...

CVSS 8.8 | AI score 7.2 | EPSS 0.00377
Exploits: 0 | References: 1 | Affected Software: 2
Vulnrichment
added 2025/03/11 2:54 p.m. | 5 views

CVE-2024-55592

An incorrect authorization vulnerability CWE-863 in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions, may allow an...

CVSS 3.8 | AI score 4.3 | EPSS 0.00236
Exploits: 0 | References: 1