CVE-2025-13434
A weakness has been identified in jameschz Hush Framework 2.0. The impacted element is an unknown function of the file Hush\hush-lib\hush\Util.php of the component HTTP Host Header Handler. This manipulation of the argument $_SERVER['HOST'] causes improper neutralization of http headers for scriptin...
EUVD-2025-198257
A weakness has been identified in jameschz Hush Framework 2.0. The impacted element is an unknown function of the file Hush\hush-lib\hush\Util.php of the component HTTP Host Header Handler. This manipulation of the argument $_SERVER['HOST'] causes improper neutralization of http headers for scriptin...
CVE-2025-13434
CVE-2025-13434 affects the jameschz Hush Framework 2.0. The issue lies in the HTTP Host Header Handler implemented in Hush\hush-lib\hush\Util.php, where manipulation of the argument $_SERVER['HOST'] causes improper neutralization of HTTP headers for scripting syntax. Exploitation is described as ...
CVE-2025-13434 jameschz Hush Framework HTTP Host Header Util.php http headers for scripting syntax
A weakness has been identified in jameschz Hush Framework 2.0. The impacted element is an unknown function of the file Hush\hush-lib\hush\Util.php of the component HTTP Host Header Handler. This manipulation of the argument $_SERVER['HOST'] causes improper neutralization of http headers for scriptin...
PT-2025-47545
A weakness has been identified in jameschz Hush Framework 2.0. The impacted element is an unknown function of the file Hush\hush-lib\hush\Util.php of the component HTTP Host Header Handler. This manipulation of the argument $_SERVER['HOST'] causes improper neutralization of http headers for scripting...
Hush Framework Security Vulnerability
Hush Framework is a web application framework by the individual developer james.huang. A security vulnerability exists in Hush Framework version 2.0, which stems from improperly neutralized HTTP host headers and could lead to remote attacks...
EUVD-2024-52842
Malicious code in bioql PyPI...
EUVD-2021-29348
Malicious code in bioql PyPI...
EUVD-2021-29347
Malicious code in bioql PyPI...
EUVD-2024-37392
Malicious code in bioql PyPI...
CVE-2024-38522
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the tips.hushline.app website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0...
Linux Distros Unpatched Vulnerability : CVE-2021-42377
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due...
CVE-2024-38521
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0...
CVE-2024-38523
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The TOTP authentication flow has multiple issues that weaken its one-time nature. Specifically, the lack of 2FA for changing security settings allows an attacker with CSRF or XSS primitives to...
CVE-2024-55888
Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the production server appeared to have been misconfigured and missed providing any content security policy or security headers. This could result in bypassing of cross-site scriptin...
CVE-2024-55888 Content Security Policy appears to be missing in software and production setup
Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the production server appeared to have been misconfigured and missed providing any content security policy or security headers. This could result in bypassing of cross-site scriptin...
CVE-2024-55888
CVE-2024-55888 affects Hush Line, an open-source whistleblower management system. A production-server misconfiguration in versions 0.1.0 through 0.3.4 left out a Content Security Policy and security headers, potentially bypassing XSS filters. The issue was fixed in version 0.3.5. Affected: Hush L...