4510 matches found

CNNVD
added 2025/07/22 12:00 a.m. | 1 view

Google Chrome Security Vulnerability

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a type confusion vulnerability that stems from a flaw in the V8 engine's handling of malicious HTML pages. An attacker can exploit the vulnerability to trigger heap corruption via a specially crafted HTML...

CVSS 8.8 | AI score 7.9 | EPSS 0.00243
Exploits 0 | References 6
Microsoft CVE
added 2025/07/18 7:00 a.m. | 2 views

HTMLParser quadratic complexity when processing malformed inputs

...

CVSS 4.3 | AI score 7 | EPSS 0.00462
Exploits 0
CNVD
added 2025/07/18 12:00 a.m. | 3 views

Apache Tomcat Resource Management Error Vulnerability (CNVD-2025-16618)

Apache Tomcat is a lightweight web application server from the Apache Foundation, a US organization. It is used to implement Servlet and JavaServer Page (JSP) support. Apache Tomcat has a Resource Management Error vulnerability that originates from an HTTP/2 client not acknowledging the initial setu...

CVSS 7.5 | AI score 6.8 | EPSS 0.01898
Exploits 0 | References 1
BDU FSTEC
added 2025/07/18 12:00 a.m. | 2 views

The vulnerability of the Native Image component in the Oracle GraalVM for JDK virtual machine allows a hacker to trigger a service failure.

The vulnerability of the Native Image component in the Oracle GraalVM for JDK lies in the insecure management of privileges. Exploiting this vulnerability allows a malicious actor to trigger a service failure using the HTTP protocol...

CVSS 3.7 | AI score 7.2 | EPSS 0.00299
Exploits 0 | References 2 | Affected Software 1
Microsoft CVE
added 2025/07/17 7:00 a.m. | 7 views

Apache HTTP Server: HTTP/2 DoS by Memory Increase

...

CVSS 7.5 | AI score 7 | EPSS 0.03322
Exploits 1
Veracode
added 2025/07/16 4:59 p.m. | 2 views

HTTP Desynchronisation Attack

Apache HTTP Server mod_ssl is vulnerable to an HTTP desynchronisation attack. The vulnerability is due to the use of `SSLEngine optional` for enabling TLS upgrades, which allows a man-in-the-middle attacker to exploit request desynchronisation and hijack an active HTTP session during the TLS upgrade...

CVSS 7.4 | AI score 7.3 | EPSS 0.00516
Exploits 0 | References 10 | Affected Software 1
RedHat Linux
added 2025/07/16 3:25 p.m. | 4 views

tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame

A flaw was found in Apache Tomcat. This vulnerability allows an application-level denial of service (DoS), causing it to become unresponsive or slow via maliciously crafted HTTP/2 prioritization headers. It performs an incomplete cleanup of failed requests, which triggers a memory leak...

CVSS 7.5 | AI score 7.1 | EPSS 0.66365
Exploits 5 | References 5
RedHat Linux
added 2025/07/16 3:19 p.m. | 2 views

tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame

A flaw was found in Apache Tomcat. This vulnerability allows an application-level denial of service (DoS), causing it to become unresponsive or slow via maliciously crafted HTTP/2 prioritization headers. It performs an incomplete cleanup of failed requests, which triggers a memory leak...

CVSS 7.5 | AI score 7.1 | EPSS 0.66365
Exploits 5 | References 5
Positive Technologies
added 2025/07/14 12:00 a.m. | 2 views

PT-2025-50550

Name of the Vulnerable Software and Affected Versions: XWiki versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2, and 17.5.0-rc-1 through 17.5.0. Description: The XWiki Rendering system lacks sufficient protection against /html injection. This allows attackers to achieve remote code execution (RCE)...

CVSS 9 | AI score 8.2 | EPSS 0.0086
Exploits 1 | References 12
CNNVD
added 2025/07/14 12:00 a.m. | 2 views

XWiki Rendering Security Vulnerability

XWiki Rendering is a general-purpose rendering system from the XWiki Foundation that converts text input from a given syntax (wiki syntax, HTML, etc.) to another syntax (XHTML, etc.). A security vulnerability exists in XWiki Rendering versions prior to 5.4.5 through 14.10, which stems from the XHTML...

CVSS 9 | AI score 5.8 | EPSS 0.00325
Exploits 0 | References 5
Microsoft CVE
added 2025/07/11 7:00 a.m. | 1 view

Ruby WEBrick read_header HTTP Request Smuggling Vulnerability

...

CVSS 7.7 | AI score 6.6 | EPSS 0.00422
Exploits 0
OSV
added 2025/07/10 8:15 p.m. | 2 views

DEBIAN-CVE-2025-53506

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1...

CVSS 7.5 | AI score 8.5 | EPSS 0.01898
Exploits 0 | References 1
OSV
added 2025/07/10 5:15 p.m. | 1 view

DEBIAN-CVE-2025-49630

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2. Affected configurations are those where a reverse proxy is configured for an HTTP/2 backend, with...

CVSS 7.5 | AI score 7.2 | EPSS 0.01149
Exploits 0 | References 1
CNNVD
added 2025/07/10 12:00 a.m. | 2 views

Apache Tomcat Resource Management Error Vulnerability

Apache Tomcat is a lightweight web application server from the Apache Foundation, a US organization. It is used to implement Servlet and JavaServer Page (JSP) support. Apache Tomcat has a Resource Management Error vulnerability that originates from an HTTP/2 client not acknowledging the initial setu...

CVSS 7.5 | AI score 7.8 | EPSS 0.01898
Exploits 0 | References 4
BDU FSTEC
added 2025/07/09 12:00 a.m. | 2 views

The vulnerability of the Device Admin App operating system ctrlX OS allows a perpetrator to select user account names.

The vulnerability of the Device Admin App on the ctrlX OS involves unlimited distribution of resources. Exploiting this vulnerability allows a malicious actor to select user account names by sending specially crafted HTTP requests remotely...

CVSS 5.3 | AI score 5.5 | EPSS 0.00353
Exploits 0 | References 3 | Affected Software 1
OSV
added 2025/07/08 11:15 p.m. | 4 views

CVE-2024-56468

IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 could allow a remote user to cause a denial of service by sending an invalid HTTP request to the log reading service...

CVSS 6.5 | AI score 5.8 | EPSS 0.00347
Exploits 0 | References 1
CNNVD
added 2025/07/08 12:00 a.m. | 1 view

IBM InfoSphere Data Replication VSAM for z/OS Remote Source Security Vulnerability

IBM InfoSphere Data Replication VSAM for z/OS Remote Source is a source data replication engine from International Business Machines (IBM). A security vulnerability exists in IBM InfoSphere Data Replication VSAM for z/OS Remote Source version 11.4 that originates from a remote user that could cause...

CVSS 7.5 | AI score 6.5 | EPSS 0.00347
Exploits 0 | References 3
SUSE Linux
added 2025/07/07 8:17 a.m. | 4 views

Security update for python39

This update for python39 fixes the following issues: CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupda...

CVSS 6.9 | AI score 6.7 | EPSS 0.00462
Exploits 0 | References 4
RedHat Linux
added 2025/07/07 2:28 a.m. | 2 views

webkitgtk: Use-after-free leading to arbitrary code execution

A use-after-free vulnerability was found in WebKitGTK. The flaw occurs when processing maliciously crafted HTML content in WebKit. This flaw allows a remote attacker to trick the victim into visiting a specially crafted website, triggering memory corruption and executing arbitrary code on the...

CVSS 8.8 | AI score 6 | EPSS 0.00837
Exploits 0 | References 5
RedHat Linux
added 2025/07/07 2:28 a.m. | 2 views

webkitgtk: processing malicious web content may lead to arbitrary code execution

A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing malicious HTML content in WebKit, which could result in memory corruption and arbitrary code execution on the target system...

CVSS 8.8 | AI score 6.3 | EPSS 0.03208
Exploits 0 | References 4