A vulnerability in Google Chrome, related to errors in the implementation of security checks for standard elements, allows attackers to escalate their privileges.
This Google Chrome vulnerability is related to errors in the implementation of security checks for standard elements. Exploiting it can allow a malicious actor to escalate their privileges through a specially crafted HTML page...
GHSA-G9PC-8G42-G6VQ RoadRunner is at risk of HTTP Request/Response Smuggling through vulnerable dependency
The net/http package dependency used by RoadRunner improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...
Allocation of Resources Without Limits or Throttling
Overview Microsoft.AspNetCore.App.Runtime.linux-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttlin...
A vulnerability in the Apache Traffic Server web server, related to defects in the processing of HTTP request headers, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).
This Apache Traffic Server vulnerability is related to deficiencies in the processing of HTTP request headers. Exploiting it allows a malicious actor to remotely send hidden HTTP requests (HTTP Request Smuggling attack)...
HCL Launch and HCL DevOps Deploy security vulnerability
HCL Launch and HCL DevOps Deploy are both products of HCL India. HCL Launch is multi-functional, enterprise-grade continuous delivery automation software used to handle the most complex deployment processes in DevOps. HCL DevOps Deploy is an application. Can be mapped to your organizational...
DEBIAN-CVE-2025-3070
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...
Trend Vision One cross-site scripting vulnerability
Trend Vision One is a comprehensive security platform from Trend Vision, Inc. A security vulnerability exists in Trend Vision One that stems from HTML injection and could lead to arbitrary code execution...
STMicroelectronics X-CUBE-AZRTOS-WL numeric error vulnerability
STMicroelectronics X-CUBE-AZRTOS-WL is an Azure RTOS-based development kit for STM32 microcontrollers from STMicroelectronics, Switzerland. A numeric error vulnerability exists in STMicroelectronics X-CUBE-AZRTOS-WL version 2.0.0, which stems from an integer overflow in the PUT request function o...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the first name field in the processMentions method, which allows arbitrary HTML injection into emails. Details: Cross-site scripting (XSS) is a code vulnerability that occurs when an attacker “injects” a...
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to execute arbitrary code.
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created HTML page...
ALPINE-CVE-2025-30346
Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...
Varnish Cache and Varnish Enterprise security vulnerability
Varnish Cache and Varnish Enterprise are both products of Varnish Inc. Varnish Cache is a suite of reverse web caching servers. Varnish Enterprise is high-performance caching software used to handle high traffic and optimize business. A security vulnerability exists in Varnish Cache versio...
IMP security vulnerability
IMP is an open source web-based webmail system from Horde. A security vulnerability exists in IMP version 6.2.27 and earlier, which originates from a specially crafted HTML email that could lead to account takeover...
chuanhuchatgpt cross-site scripting vulnerability
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. An HTML injection vulnerability exists in chuanhuchatgpt version 20b2e02, which stems from improper HTML tag cleanup in chat history uploads,...
CLSA-2025-1742319076 Fix CVE(s): CVE-2023-44487
SECURITY UPDATE: The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly - debian/patches/CVE-2023-44487.patch: HTTP/2 - per-iteration stream handling limit. - CVE-2023-44487...
A vulnerability in the OData protocol implementation in the SAP Fiori for SAP ERP business application platform allows an attacker to perform a cache poisoning attack or intercept sessions.
This vulnerability in the OData protocol implementation in the SAP Fiori for SAP ERP business application development platform is related to deficiencies in handling HTTP request headers. Exploiting it allows a malicious actor to perform a cache poisoning attack or intercept sessions ...
A vulnerability in the UpdraftPlus: WP Backup & Migration plugin for the WordPress content management system allows attackers to inject a PHP object into the system.
The vulnerability in the UpdraftPlus: WP Backup & Migration plugin for the WordPress content management system is due to shortcomings in the deserialization mechanism. Exploiting it allows an attacker to inject a PHP object remotely...
Fixed vulnerabilities in FortiOS, FortiProxy, FortiPAM, FortiSRA and FortiWeb.
Fortinet has fixed a vulnerability in FortiOS, FortiProxy, FortiPAM, FortiSRA and FortiWeb. The vulnerability is in how certain Fortinet products handle HTTP and HTTPS requests. A malicious party with certain privileges can send specially crafted requests that lead to the execution of unauthorize...
JetBrains Ktor environment issue vulnerability
JetBrains Ktor is a web framework for building asynchronous servers and clients in Kotlin from the Czech company JetBrains. It is used to create microservices, web applications, etc., and to build RESTful APIs. JetBrains Ktor suffers from a security vulnerability that stems from the occurrence of an HTTP...
CVE-2024-45324
A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0...