BIT-LIBPHP-2025-1217 Header parser of http stream wrapper does not handle folded headers

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME...

Authorization Bypass

jetty-server is vulnerable to authorization bypass. The vulnerability exists as a buffer corruption could occur when the response buffer is too large, allowing the header buffer to be released, but not nulled, causing the server to send incorrect responses to different clients...

Microsoft Windows DNS Server vulnerable to cache poisoning

Overview The Microsoft Windows DNS Server is vulnerable to cache poisoning, which may allow a remote, unauthenticated attacker to cause a Windows DNS server to provide incorrect responses to DNS queries. Description Microsoft Windows DNS Server is a service that provides DNS serving capabilities...

Captcha - response validation bypass

Captcha validation can be bypassed by manipulating request variables while posting or by providing certain incorrect responses. This defeats the purpose of the captcha and makes automated submission possible. Versions affected All versions of Captcha 4.7.x prior to Captcha 4.7-1.2. All versions o...

Incorrect NXDOMAIN responses from AAAA queries could cause denial-of-service conditions

Overview Some DNS servers respond with an inappropriate error message if queried for nonexistent AAAA records, which can lead to possible denial of service. Description Some DNS servers respond with a "Name Error" response code NXDOMAIN, RCODE 3 instead of "No Error" RCODE 0 when queried for a...