14 matches found
EUVD-2025-22806
Malicious code in bioql PyPI...
EUVD-2025-23174
Malicious code in bioql PyPI...
CVE-2025-50578
LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP headers, specifically X-Forwarded-Host and Referer. An unauthenticated remote attacker can manipulate these headers to perform Host Header Injection and Open Redirect attacks. This allows the loading...
PT-2025-31395
Name of the Vulnerable Software and Affected Versions: heimdall version 2.6.3-ls307. Description: The application does not properly validate user-supplied HTTP headers, specifically X-Forwarded-Host and Referer. This allows for Host Header Injection and Open Redirect attacks. An unauthenticated remo...
CVE-2025-50578
LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP headers, specifically X-Forwarded-Host and Referer. An unauthenticated remote attacker can manipulate these headers to perform Host Header Injection and Open Redirect attacks. This allows the loading...
CVE-2025-54597
LinuxServer.io Heimdall before 2.7.3 allows XSS via the q parameter...
CVE-2025-54597
CVE-2025-54597 affects LinuxServer.io Heimdall prior to 2.7.3. A cross-site scripting (XSS) vulnerability is triggered via the query parameter q in the web UI, due to an uncleared input. Impact is described as XSS with potential user impact on affected deployments; exploitation details are not pr...
CVE-2025-54597
LinuxServer.io Heimdall before 2.7.3 allows XSS via the q parameter...
CVE-2023-51803
LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the "" substring...
CVE-2023-51803
LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the "" substring...
CVE-2023-51803
LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the "" substring...
CVE-2023-51803
LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the "" substring...
CVE-2023-51803
LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the "" substring...
CVE-2023-51803
LinuxServer.io Heimdall before 2.5.7 is affected. The issue arises in the Icon Handler which does not prevent icons containing non-image data (e.g., ""), allowing such data to be processed. This is documented across multiple sources (NVD/Red Hat/OSV) with CVSS 3.1 base metrics indicating high imp...