CVE-2025-3463

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub'...

CVE-2025-3463

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub'...

CVE-2025-3462

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests. Refer to the 'Security Update for ASUS...

CVE-2025-3462

ASUS DriverHub (pre‑1.0.6.0) contains an insufficient validation/origin-check vulnerability in HTTP handling that can let untrusted sources interact with driver features; some reports describe potential remote code execution via crafted HTTP requests and manipulated AsusSetup.ini during silent in...

USN-7503-1 python-h11 vulnerability

Jeppe Bonde Weikop discovered that h11 incorrectly handled crafted HTTP requests. A remote attacker could possibly use this issue to smuggle malicious HTTP requests, which could potentially lead to security control bypass and information leakage...

USN-7503-1: h11 vulnerability

Jeppe Bonde Weikop discovered that h11 incorrectly handled crafted HTTP requests. A remote attacker could possibly use this issue to smuggle malicious HTTP requests, which could potentially lead to security control bypass and information leakage...

BIT-KIBANA-2025-25014 Kibana arbitrary code execution via prototype pollution

A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints...

BIT-ELK-2025-25014 Kibana arbitrary code execution via prototype pollution

A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints...

CVE-2025-20223

A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device. This vulnerability is due to insufficient enforcement of access control on HTTP...

CVE-2025-20196

A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service DoS condition. This...

CVE-2025-20196

A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service DoS condition. This...

CVE-2025-20196

A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service DoS condition. This...

CVE-2025-20196

CVE-2025-20196 affects the Cisco IOx application hosting environment within Cisco IOS Software and Cisco IOS XE Software. The issue arises from improper handling of HTTP requests, allowing unauthenticated, remote attackers to cause the IOx environment to stop responding (DoS); the environment mus...

CVE-2025-20223

The CVE-2025-20223 entry concerns Cisco Catalyst Center (formerly Cisco DNA Center). Affected component: internal service repository accessed via HTTP. Root cause: insufficient enforcement of access control on HTTP requests, enabling an authenticated, remote attacker to read and modify data handl...

Cisco Catalyst Center Insufficient Access Control Vulnerability

A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device. This vulnerability is due to insufficient enforcement of access control on HTTP...

Cisco IOx Application Hosting Environment Denial of Service Vulnerability

A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service DoS condition. This...

Radware Cloud Web Application Firewall Vulnerable to Filter Bypass

Overview The Radware Cloud Web Application Firewall is vulnerable to filter bypass by multiple means. The first is via specially crafted HTTP request and the second being insufficient validation of user-supplied input when processing a special character. An attacker with knowledge of these...

PT-2025-20268 · Cisco · Cisco Ios Xe +2

Name of the Vulnerable Software and Affected Versions: Cisco IOS Software and Cisco IOS XE Software affected versions not specified Description: A vulnerability in the Cisco IOx application hosting environment could allow an unauthenticated, remote attacker to cause the environment to stop...

CVE-2025-25014

A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints...

CVE-2025-25014 Kibana arbitrary code execution via prototype pollution

A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints...