7704 matches found
CVE-2025-4600
CVE-2025-4600 concerns Google Cloud Classic Application Load Balancer. The issue is an HTTP request smuggling vulnerability caused by improper handling of chunked-encoded requests. The root cause is mishandling of chunked data, allowing backend misinterpretation. The fix disallowed stray data afte...
CVE-2025-4600 HTTP Request Smuggling in Google Cloud Classic Application Load Balancer due to Improper Chunked Encoding Validation
A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after ...
CVE-2025-40631
HTTP Host header injection vulnerability in IceWarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirected...
PT-2025-21652 · Google · Google Cloud Classic Application Load Balancer
Name of the Vulnerable Software and Affected Versions: Google Cloud Classic Application Load Balancer versions prior to 2025-04-26 Description: A request smuggling issue existed due to improper handling of chunked-encoded HTTP requests, allowing attackers to craft requests that could be...
Google Cloud Classic Application Load Balancer input validation error vulnerability
Google Cloud Classic Application Load Balancer is a legacy application load balancing service from Google, Inc. that is used to automatically distribute traffic to back-end service instances in a cloud environment. An input validation error vulnerability exists in Google Cloud Classic Application...
CVE-2025-4701
The CVE-2025-4701 issue affects VITA-MLLM Freeze-Omni (up to 20250421), specifically the torch.load usage in models/utils.py where improper handling of the path argument enables deserialization and a potential local-host exploit. Root cause: manipulation of the path parameter in torch.load leads ...
[SECURITY] Fedora 41 Update: dnsdist-1.9.9-1.fc41
dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is to route traffic to the best server, delivering top performance to legitimate users while shunting or blocking abusive traffic...
[SECURITY] Fedora 42 Update: dnsdist-1.9.9-1.fc42
dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is to route traffic to the best server, delivering top performance to legitimate users while shunting or blocking abusive traffic...
PT-2025-21290 · Unknown +1 · Vita-Mllm Freeze-Omni +1
Name of the Vulnerable Software and Affected Versions: VITA-MLLM Freeze-Omni up to 20250421 Description: A problematic issue has been found, affecting the torch.load function in the models/utils.py file. The manipulation of the path argument leads to deserialization, allowing an attack to be...
A vulnerability in software for managing traffic in hybrid and multi-cloud environments, such as VMware Avi Load Balancer, stems from insufficient protection of registration data. It allows attackers to disclose sensitive information.
The vulnerability in VMware Avi Load Balancer, software for managing traffic in hybrid and multi-cloud environments, is related to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
A vulnerability in software for managing traffic in hybrid and multi-cloud environments, such as VMware Avi Load Balancer, stems from insecure management of privileges. It allows attackers to escalate their privileges and gain access to create, modify, or delete files.
The vulnerability in VMware Avi Load Balancer, software for managing traffic in hybrid and multi-cloud environments, is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to escalate their privileges and gain access to create, modify, or delete...
WordPress Ajax Load More plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Ajax Load More plugin, which stems from the application's lack of effective filtering and escaping of user-supplied...
kernel: exfat: fix memory leak in exfat_load_bitmap()
In the Linux kernel, the following vulnerability has been resolved: exfat: fix memory leak in exfat_load_bitmap() If the first directory entry in the root directory is not a bitmap directory entry, 'bh' will not be released and reassigned, which will cause a memory leak...
CVE-2025-47630
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Darren Cooney Ajax Load More ajax-load-more allows Stored XSS. This issue affects Ajax Load More: from n/a through <= 7.3.1.2...
CVE-2025-47630
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Darren Cooney Ajax Load More allows Stored XSS. This issue affects Ajax Load More: from n/a through 7.3.1...
WordPress Ajax Load More plugin <= 7.3.1.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Ajax Load More versions <= 7.3.1.2...
CVE-2025-47630 WordPress Ajax Load More plugin <= 7.3.1.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Darren Cooney Ajax Load More ajax-load-more allows Stored XSS. This issue affects Ajax Load More: from n/a through <= 7.3.1.2...
CVE-2025-47630 WordPress Ajax Load More <= 7.3.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Darren Cooney Ajax Load More allows Stored XSS. This issue affects Ajax Load More: from n/a through 7.3.1...
CVE-2025-47630
CVE-2025-47630: Stored XSS in the WordPress Ajax Load More plugin caused by improper input neutralization during page generation. Affected: versions up to 7.3.1; fix released in 7.3.1.2 (PatchStack), with corroboration from NVD/CVE listings. Exploitation status not specified in the provided docu...