CVE-2025-66570 cpp-httplib Untrusted HTTP Header Handling: Internal Header Shadowing (REMOTE*/LOCAL*)

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTEADDR, REMOTEPORT,...

EUVD-2022-49452

Malicious code in bioql PyPI...

Tenable Nessus Multiple Vulnerabilities (TNS-2025-05)

Tenable Nessus is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessus"; ifdescripti...

CVE-2025-36625

In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application...

PT-2025-17336 · Nessus · Nessus

Name of the Vulnerable Software and Affected Versions: Nessus versions prior to 10.8.4 Description: A non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application. Recommendations: For versions prior to 10.8.4, update to version 10.8.4 or later to...

[R1] Nessus Version 10.8.4 Fixes Multiple Vulnerabilities

R1 Nessus Version 10.8.4 Fixes Multiple Vulnerabilities Arnie Cabral Thu, 04/17/2025 - 11:58 Nessus leverages third-party software to help provide underlying functionality. Several of the third-party components libxml2, expat were found to contain vulnerabilities, and updated versions have been...

FortiOS Flaw Exploited as Zero-Day in Attacks on Government and Organizations

A zero-day vulnerability in FortiOS SSL-VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting governments and other large organizations. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or...