Linux Distros Unpatched Vulnerability : CVE-2025-9901
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsoup's caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that...
CVE-2024-12973
Origin Validation Error vulnerability in Akinsoft OctoCloud allows HTTP Response Splitting, CAPEC - 87 - Forceful Browsing. This issue affects OctoCloud: from s1.09.01 before v1.11.01...
Errors returned from JSON marshaling may break template escaping in html/template
...
Improper handling of empty HTML attributes in html/template
...
Excessive resource consumption in net/http, net/textproto and mime/multipart
...
Improper handling of HTML-like comments in script contexts in html/template
...
Denial of service due to improper 100-continue handling in net/http
...
CVE-2025-58056
Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters LF as a chunk-size line...
CVE-2025-9867
Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-9865
In Google Chrome on Android, prior to version 140.0.7339.80, an inappropriate implementation in Toolbar allows a remote attacker to induce a user, via crafted HTML and specific UI gestures, to perform domain spoofing. Impact is described as a Chromium-style vulnerability with pote...
PT-2025-35742
Name of the Vulnerable Software and Affected Versions: BuddyDev MediaPress versions through 1.5.9.1. Description: The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion issue, which allows for PHP Local File Inclusion...
CVE-2025-9800 SimStudioAI sim HTML File route.ts import unrestricted upload
A weakness has been identified in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. Affected by this issue is the function Import of the file apps/sim/app/api/files/upload/route.ts of the component HTML File Parser. Executing manipulation of the argument File can lead to unrestricte...
CLSA-2025-1756751597 squid: Fix of CVE-2023-46846
CVE-2023-46846: fix Request/Response chunk smuggling in HTTP/1.1 and ICAP...
Linux Distros Unpatched Vulnerability : CVE-2025-8671
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may...
CVE-2025-52217
SelectZero Data Observability Platform before 2025.5.2 is vulnerable to HTML Injection. Legacy UI fields improperly handle user-supplied input, allowing injection of arbitrary HTML...
CVE-2025-7775
Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server OR NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS...
Linux Distros Unpatched Vulnerability : CVE-2020-9481
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to an HTTP/2 slow read attack. CVE-2020-9481 Note that Nessus relies on the presence ...
GHSA-HW6F-RJFJ-J7J7 Eventlet affected by HTTP request smuggling in unparsed trailers
Impact: The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to: bypass front-end security controls; launch targeted attacks against active site users; poison web caches. Patches: Problem has...
php: Fix of 3 CVEs
CVE-2025-1217: http stream wrapper: fix handling folded headers - CVE-2025-1734: http stream wrapper: fix handling headers with invalid name and no colon - CVE-2025-1861: fix http redirect location truncation...
Security update for netty
This update for netty fixes the following issues: CVE-2025-55163: Fixed "MadeYouReset" DoS attack in HTTP/2 protocol including DNS over HTTPS bsc1247991 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...