36 matches found
EUVD-2017-3388
Malware in sbrugna...
EUVD-2024-28054
Malicious code in bioql PyPI...
CVE-2025-54477 Joomla! Core - [20250902] User-Enumeration in passkey authentication method
Improper handling of authentication requests leads to a user enumeration vector in the passkey authentication method...
Gardyn 4 security vulnerability
Gardyn 4 is a home vertical hydroponic growing system from Gardyn USA. A security vulnerability exists in Gardyn 4 that stems from improper request handling and could lead to information disclosure and execution of arbitrary code...
X.Org X Server security vulnerability
X.Org X Server is an X Window System display server from the X.Org Foundation. A security vulnerability exists in X.Org X Server that stems from improper request handling and could lead to a denial of service...
OctoPrint security vulnerability
OctoPrint is an open source application from OctoPrint. It provides a fast web interface for controlling consumer 3D printers. A security vulnerability exists in OctoPrint 1.11.1 and earlier versions that stems from improper request handling and could lead to a denial of service...
Improper Request Handling
http-proxy-middleware is vulnerable to Improper Request Handling. The vulnerability is due to improper request handling caused by fixRequestBody executing even when bodyParser has failed, which allows attackers to smuggle malicious HTTP requests...
PCMan FTP Server security vulnerability
PCMan FTP Server is server software for the File Transfer Protocol (FTP). PCMan FTP Server suffers from a buffer overflow vulnerability that stems from the failure of the DIR Command Handler module to properly handle a specific request. No detailed vulnerability details are provid...
CVE-2025-32395
Vite is a frontend tooling framework for JavaScript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. The HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...
Unexpected Status Code Or Return Value
go-redis is vulnerable to Unexpected Status Code or Return Value. The vulnerability is due to improper request handling caused by timeouts in the CLIENT SETINFO command during connection establishment, leading to incorrect command responses and potential data inconsistency...
Regular Expression Denial Of Service (ReDoS)
@octokit/plugin-paginate-rest is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to improper handling of the link parameter in the headers section of the request, which allows a specially crafted input to exploit the regular expression logic and trigger a denial...
Linux kernel security vulnerability
Linux kernel is the kernel of Linux, the open source operating system maintained by the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper request handling in the RDMA/rxe module, resulting in a memory leak...
Server Side Request Forgery (SSRF)
@lobehub/chat is vulnerable to Server Side Request Forgery SSRF. The vulnerability is due to insufficient input validation and improper handling of requests, allowing attackers to craft requests that can target internal services, even without authentication...
PT-2024-23194 · Hcl · Hcl Connections
Name of the Vulnerable Software and Affected Versions: HCL Connections (affected versions not specified). Description: The issue is related to an information disclosure vulnerability. It could allow a user to obtain sensitive information they are not entitled to because of improperly handling the...
Server-Side Request Forgery (SSRF)
github.com/gotenberg/gotenberg/v8 is vulnerable to Server-side Request Forgery SSRF. The vulnerability is due to improper handling of requests made to the /convert/html endpoint, allowing attackers to exploit local file inclusion by referencing localhost files such as...
CVE-2023-28022 HCL Connections is vulnerable to sensitive information disclosure
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data...
PT-2023-36319 · Atftp · Atftp
Name of the Vulnerable Software and Affected Versions: atftp (affected versions not specified). Description: The issue arises from atftp's improper management of requests made to non-existent files, potentially leading to a crash. A remote attacker could exploit this to cause a denial of service...
USN-6168-1 libx11 vulnerability
Gregory James Duck discovered that libx11 incorrectly handled certain Request, Event, or Error IDs. If a user were tricked into connecting to a malicious X Server, a remote attacker could possibly use this issue to cause libx11 to crash, resulting in a denial of service...
Request smuggling due to improper request handling in golang.org/x/net/http2/h2c
...
CVE-2022-41721 Request smuggling due to improper request handling in golang.org/x/net/http2/h2c
A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be...