Linux Distros Unpatched Vulnerability : CVE-2022-2048

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning ...

Cisco Secure Firewall Threat Defense Remote Access VPN Web Server DoS (cisco-sa-asaftd-vpnwebs-dos-hjBhmBsX)

According to its self-reported version, Cisco Firepower Threat Defense Software is affected by a vulnerability. - A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could all...

SUSE SLES15 / openSUSE 15 Security Update : tomcat10 (SUSE-SU-2025:02978-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02978-1 advisory. Updated to Tomcat 10.1.43i: - CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configuration...

UBUNTU-CVE-2025-57804

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without...

CVE-2025-57804 h2 allows HTTP Request Smuggling due to illegal characters in headers

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without...

CVE-2025-57804 h2 allows HTTP Request Smuggling due to illegal characters in headers

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without...

GHSA-847F-9342-265H h2 allows HTTP Request Smuggling due to illegal characters in headers

Summary HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request...

h2 allows HTTP Request Smuggling due to illegal characters in headers

Summary HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request...

CVE-2023-47799

Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the...

PT-2025-34608 · Mahara · Mahara

Name of the Vulnerable Software and Affected Versions: Mahara versions prior to 22.10.4 Mahara versions 23.x prior to 23.04.4 Description: Mahara is susceptible to information disclosure when the experimental HTML bulk export feature is utilized through the administration interface or command-lin...

CVE-2025-55575

SQL Injection vulnerability in SMM Panel 3.1 allowing remote attackers to gain sensitive information via a crafted HTTP request with action=servicedetail...

Linux Distros Unpatched Vulnerability : CVE-2017-11114

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The putchars function in htmlr.c in Twibright Links 2.14 allows remote attackers to cause a denial of service buffer over-read via a crafted HTML file...

Linux Distros Unpatched Vulnerability : CVE-2017-2666

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy...

Linux Distros Unpatched Vulnerability : CVE-2019-9834

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection...

Linux Distros Unpatched Vulnerability : CVE-2025-8011

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium...

Exploit for CVE-2025-8671

CVE-2025-8671 - PoC DoS lighttpd HTTP/2 Auteur : @abiyeenzo...

CVE-2025-51989

HTML injection vulnerability in the registration interface in Evolution Consulting Kft. HRmaster module v235 allows an attacker to inject HTML tags into the "keresztnév" firstname field, which will be sent out in an email resulting in possible Phishing scenarios against any, previously not...

CVE-2025-54812

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HTML file. If untrusted data is used to retrieve the name of a logger, an attacker could theoretically inject HTML or Javascript in order t...

CVE-2025-54812

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HTML file. If untrusted data is used to retrieve the name of a logger, an attacker could theoretically inject HTML or Javascript in order t...

CVE-2025-54812 Apache Log4cxx: Improper HTML escaping in HTMLLayout

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HTML file. If untrusted data is used to retrieve the name of a logger, an attacker could theoretically inject HTML or Javascript in order t...