22 matches found
EUVD-2026-36467
Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length...
UBUNTU-CVE-2026-50011
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the RESP array element count declared in an array header. That count is taken fro...
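The two Netty entries above (EUVD-2026-36467 and UBUNTU-CVE-2026-50011) describe the same flaw: the element count declared in a RESP array header is used as the initial capacity of a list before any element has arrived, so a peer can force a large allocation with a 13-byte message. The following is an added example, written in Go rather than Netty's Java and not taken from the Netty code base, that parses the same RESP framing and shows the unbounded pre-allocation beside a bounded aggregator. The limits `maxArrayLength` and `initialCapacity`, the function names, and the sample inputs are this example's assumptions, not Netty's settings.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"strconv"
)

// Limits enforced by this example (assumed values; Netty's own defaults are
// not taken from the advisory text).
const (
	maxArrayLength  = 1 << 16 // largest declared element count accepted
	initialCapacity = 16      // backing-list capacity until elements arrive
)

// parseRespArrayHeader parses "*<count>\r\n" and returns the declared element
// count and the number of header bytes consumed. -1 is RESP's null array.
func parseRespArrayHeader(buf []byte) (count int64, n int, err error) {
	if len(buf) == 0 || buf[0] != '*' {
		return 0, 0, errors.New("not a RESP array header")
	}
	end := bytes.Index(buf, []byte("\r\n"))
	if end < 0 {
		return 0, 0, errors.New("incomplete array header")
	}
	count, err = strconv.ParseInt(string(buf[1:end]), 10, 64)
	if err != nil || count < -1 {
		return 0, 0, fmt.Errorf("bad array length %q", buf[1:end])
	}
	return count, end + 2, nil
}

// parseBulkString parses "$<len>\r\n<data>\r\n" and returns the data and the
// bytes consumed; the declared length is checked against what is present.
func parseBulkString(buf []byte) (string, int, error) {
	if len(buf) == 0 || buf[0] != '$' {
		return "", 0, errors.New("not a RESP bulk string")
	}
	end := bytes.Index(buf, []byte("\r\n"))
	if end < 0 {
		return "", 0, errors.New("incomplete bulk string header")
	}
	l, err := strconv.Atoi(string(buf[1:end]))
	if err != nil || l < 0 {
		return "", 0, fmt.Errorf("bad bulk length %q", buf[1:end])
	}
	start := end + 2
	if len(buf) < start+l+2 {
		return "", 0, errors.New("truncated bulk string payload")
	}
	return string(buf[start : start+l]), start + l + 2, nil
}

// newAggregatorUnbounded mirrors the flaw: the backing list is sized from the
// peer-declared count before a single element has been received.
func newAggregatorUnbounded(declared int64) []string {
	return make([]string, 0, declared)
}

// newAggregatorBounded rejects oversized declarations and starts from a small
// fixed capacity; the list grows only as elements actually arrive.
func newAggregatorBounded(declared int64) ([]string, error) {
	if declared == -1 {
		return nil, nil // null array
	}
	if declared > maxArrayLength {
		return nil, fmt.Errorf("declared array length %d exceeds limit %d", declared, maxArrayLength)
	}
	capHint := declared
	if capHint > initialCapacity {
		capHint = initialCapacity
	}
	return make([]string, 0, capHint), nil
}

// decodeArray decodes an array of bulk strings using the bounded aggregator.
func decodeArray(buf []byte) ([]string, error) {
	count, n, err := parseRespArrayHeader(buf)
	if err != nil {
		return nil, err
	}
	elems, err := newAggregatorBounded(count)
	if err != nil {
		return nil, err
	}
	rest := buf[n:]
	for i := int64(0); i < count; i++ {
		s, m, err := parseBulkString(rest)
		if err != nil {
			return nil, fmt.Errorf("element %d: %w", i, err)
		}
		elems = append(elems, s)
		rest = rest[m:]
	}
	return elems, nil
}

func main() {
	// Constructed inputs: a benign SET command, and a header that declares
	// 2^31-1 elements with nothing behind it.
	benign := []byte("*2\r\n$3\r\nSET\r\n$1\r\nk\r\n")
	hostile := []byte("*2147483647\r\n")
	fmt.Println(decodeArray(benign))
	fmt.Println(decodeArray(hostile)) // rejected before any allocation
	fmt.Println(cap(newAggregatorUnbounded(4)))
}
```

The point of the bounded version is that the declared count is only ever used as a limit to check against, never as a size to reserve; the memory actually consumed tracks bytes the peer really sent.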
UBUNTU-CVE-2026-42504
Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...
Astra Linux – Vulnerability in librabbitmq
An issue was discovered in amqp_handle_input within amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption during the handling of CONNECTION_STATE_HEADER. A malicious server could return a malicious frame header, resulting in a smaller target_size...
CVE-2025-64101 ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection
Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, a potential vulnerability exists in ZITADEL's password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...
EUVD-2019-4107
Malware in sbrugna...
EUVD-2025-27995
Malicious code in bioql PyPI...
GO-2025-3721 ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection in github.com/zitadel/zitadel
ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
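CVE-2025-64101 and GO-2025-3721 above are the same class of bug seen from two headers: when the origin of a password-reset link is taken from `Forwarded`, `X-Forwarded-Host` or `X-Forwarded-Proto`, a client that supplies those headers gets the reset token delivered to a host it controls. The following is an added Go example, not ZITADEL's code, contrasting that pattern with building the link from operator configuration. The `ExternalOrigin` type, the `/password/reset` path, the trusted-proxy flag and the sample hosts are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// ExternalOrigin is the operator-configured public origin of the identity
// service. The type and field names are this example's, not ZITADEL's keys.
type ExternalOrigin struct {
	Scheme string
	Host   string
}

// forwardedParam extracts a parameter (host, proto) from the first element of
// an RFC 7239 Forwarded header, e.g. `for=10.0.0.1;host=x.example;proto=https`.
func forwardedParam(r *http.Request, name string) string {
	first := strings.SplitN(r.Header.Get("Forwarded"), ",", 2)[0]
	for _, pair := range strings.Split(first, ";") {
		k, v, ok := strings.Cut(strings.TrimSpace(pair), "=")
		if ok && strings.EqualFold(k, name) {
			return strings.Trim(v, `"`)
		}
	}
	return ""
}

// resetLinkFromRequest reproduces the weak pattern: scheme and host of the
// password-reset URL come from headers any client can set.
func resetLinkFromRequest(r *http.Request, code string) string {
	scheme, host := "https", r.Host
	if p := r.Header.Get("X-Forwarded-Proto"); p != "" {
		scheme = p
	} else if p := forwardedParam(r, "proto"); p != "" {
		scheme = p
	}
	if h := r.Header.Get("X-Forwarded-Host"); h != "" {
		host = h
	} else if h := forwardedParam(r, "host"); h != "" {
		host = h
	}
	return fmt.Sprintf("%s://%s/password/reset?code=%s", scheme, host, url.QueryEscape(code))
}

// resetLinkFromConfig builds the link from the configured origin only; the
// request's Host and forwarded headers are never consulted.
func resetLinkFromConfig(cfg ExternalOrigin, code string) string {
	u := url.URL{Scheme: cfg.Scheme, Host: cfg.Host, Path: "/password/reset"}
	q := url.Values{}
	q.Set("code", code)
	u.RawQuery = q.Encode()
	return u.String()
}

// allowedForwardedHost is for deployments that must serve several public
// domains: a forwarded host is honoured only if the request came through a
// trusted proxy and the value is on the operator's allow-list.
func allowedForwardedHost(r *http.Request, fromTrustedProxy bool, allowlist []string) (string, bool) {
	if !fromTrustedProxy {
		return "", false
	}
	h := r.Header.Get("X-Forwarded-Host")
	if h == "" {
		h = forwardedParam(r, "host")
	}
	for _, a := range allowlist {
		if strings.EqualFold(h, a) {
			return a, true
		}
	}
	return "", false
}

// newRequest builds a constructed request for the demonstration.
func newRequest(host string, headers map[string]string) *http.Request {
	r, _ := http.NewRequest(http.MethodPost, "https://"+host+"/password/reset", nil)
	for k, v := range headers {
		r.Header.Set(k, v)
	}
	return r
}

func main() {
	cfg := ExternalOrigin{Scheme: "https", Host: "id.example.com"}
	r := newRequest("id.example.com", map[string]string{"X-Forwarded-Host": "attacker.example"})
	fmt.Println(resetLinkFromRequest(r, "abc")) // token would be mailed in a link to the attacker
	fmt.Println(resetLinkFromConfig(cfg, "abc"))
	fmt.Println(allowedForwardedHost(r, true, []string{"id.example.com", "login.example.com"}))
}
```

Two checks matter in the allow-list variant: the value must be compared against a closed list rather than a suffix or pattern, and it must be ignored entirely when the request did not arrive from the proxy layer that is supposed to set it.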
CVE-2023-30845
ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious X-HTTP-Method-Override header value to bypass JWT authentication in specific cases...
PT-2024-19204 · Biosig +1 · Libbiosig +1
Name of the Vulnerable Software and Affected Versions: The Biosig Project libbiosig versions 2.5.0 and Master Branch ab0ee111 Description: A double-free vulnerability exists in the BrainVision Header Parsing functionality. This can be triggered by a specially crafted .vdhr file, potentially leadi...
http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...
http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...
SUSE CVE-2021-22881
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious...
HTTP Response Splitting
netty-codec-http is vulnerable to HTTP response splitting attack. The vulnerability exists in the setObject function of DefaultHeaders.java as it takes the arrays and iterators as arguments, providing a way to bypass value validation allowing an attacker to inject malicious header values into the...
CVE-2022-41915
Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling DefaultHttpHeaders.set with an iterator of values, header value validation was not performed, allowing malicious header values in the iterator to...
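The two entries above (the netty-codec-http response-splitting advisory and CVE-2022-41915) share one root cause: the single-value setter validated header values, but the bulk path that took an array or iterator stored them unchecked, so a CR/LF inside one element became a second header line on the wire. The following is an added Go example, not Netty's code, of a small header container with the flawed bulk path next to the corrected one and a serializer that makes the injected line visible. The type and method names and the sample `Location` value are assumptions of this example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Headers is a minimal header container with one validated write path (Set)
// and a bulk path in two versions: the flawed one and the corrected one.
type Headers struct {
	m map[string][]string
}

func NewHeaders() *Headers { return &Headers{m: map[string][]string{}} }

// validateHeaderValue rejects the bytes that terminate a header line or a
// field: CR, LF and NUL. Anything else is left to the application.
func validateHeaderValue(v string) error {
	for i := 0; i < len(v); i++ {
		switch v[i] {
		case '\r', '\n', 0:
			return fmt.Errorf("illegal byte 0x%02x at offset %d in header value", v[i], i)
		}
	}
	return nil
}

// Set is the single-value path; every value is validated.
func (h *Headers) Set(name, value string) error {
	if err := validateHeaderValue(value); err != nil {
		return err
	}
	h.m[name] = []string{value}
	return nil
}

// SetAllUnvalidated mirrors the flaw: the bulk path stores each element of
// the collection without the check that Set applies.
func (h *Headers) SetAllUnvalidated(name string, values []string) {
	h.m[name] = append([]string(nil), values...)
}

// SetAll is the corrected bulk path: validate every element before storing
// any of them, so a bad element leaves the container untouched.
func (h *Headers) SetAll(name string, values []string) error {
	for _, v := range values {
		if err := validateHeaderValue(v); err != nil {
			return fmt.Errorf("%s: %w", name, err)
		}
	}
	h.m[name] = append([]string(nil), values...)
	return nil
}

// Serialize renders the header block as it would go on the wire.
func (h *Headers) Serialize() string {
	names := make([]string, 0, len(h.m))
	for n := range h.m {
		names = append(names, n)
	}
	sort.Strings(names)
	var b strings.Builder
	for _, n := range names {
		for _, v := range h.m[n] {
			fmt.Fprintf(&b, "%s: %s\r\n", n, v)
		}
	}
	b.WriteString("\r\n")
	return b.String()
}

// headerLines counts the header lines a receiver would parse from a block;
// an injected CRLF turns one stored value into two lines.
func headerLines(block string) int {
	head, _, _ := strings.Cut(block, "\r\n\r\n")
	if head == "" {
		return 0
	}
	return len(strings.Split(head, "\r\n"))
}

func main() {
	// Constructed attacker-influenced value: a redirect target carrying a CRLF
	// followed by a forged Set-Cookie line.
	injected := "/account\r\nSet-Cookie: session=attacker"
	h := NewHeaders()
	fmt.Println("Set:", h.Set("Location", injected))
	h.SetAllUnvalidated("Location", []string{injected})
	fmt.Printf("unvalidated bulk path produced %d header lines\n", headerLines(h.Serialize()))
	fmt.Println("SetAll:", NewHeaders().SetAll("Location", []string{injected}))
}
```

The general rule this illustrates: validation belongs in the one place where values enter the container, so that every constructor, setter and bulk-add path goes through it, rather than being repeated per entry point where one can be forgotten.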
SUSE: Security Advisory (SUSE-SU-2021:1807-1)
The remote host is missing an update referenced by the SUSE-SU-2021:1807-1 advisory. The rest of this entry is the Greenbone check's own notice (SPDX-FileCopyrightText: 2021 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only; some text descriptions might be excerpted from referenced sources and are copyright of the respective right holders)...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write. An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could...
UBUNTU-CVE-2019-18609
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed...
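The three rabbitmq-c entries on this page (the Astra Linux advisory, the Out-of-bounds Write entry and UBUNTU-CVE-2019-18609) describe the same arithmetic: the buffer size for an incoming frame is computed from the 32-bit frame size in the server's header plus the fixed header and frame-end bytes, and a size near 2^32 wraps that sum to a value far smaller than the payload that is subsequently copied. The following is an added Go example, not rabbitmq-c's code, that reproduces the wrap with `uint32` arithmetic and shows the bounded computation. The constant names `headerSize`, `footerSize` and `frameMax`, and the sample header bytes, are assumptions of this example; the AMQP 0-9-1 frame layout (type, channel, size, payload, frame-end) is the protocol's.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// AMQP 0-9-1 frame layout: type(1) channel(2) size(4) payload(size) end(1).
// headerSize and footerSize are this example's names for the 7-byte header
// and the 1-byte frame-end marker; frameMax is an assumed negotiated limit.
const (
	headerSize = 7
	footerSize = 1
	frameMax   = 131072
)

// parseFrameHeader decodes the 7-byte header a server sends first.
func parseFrameHeader(hdr []byte) (ftype byte, channel uint16, size uint32, err error) {
	if len(hdr) < headerSize {
		return 0, 0, 0, errors.New("short frame header")
	}
	return hdr[0], binary.BigEndian.Uint16(hdr[1:3]), binary.BigEndian.Uint32(hdr[3:7]), nil
}

// targetSizeUnchecked computes the receive-buffer size the way the flawed
// code did: 32-bit arithmetic on the peer-supplied size. A size close to 2^32
// wraps to a tiny target while the later copy still uses the full size.
func targetSizeUnchecked(frameSize uint32) uint32 {
	return frameSize + headerSize + footerSize
}

// targetSizeChecked bounds the size against the negotiated frame_max before
// any arithmetic and widens the type so the sum cannot wrap.
func targetSizeChecked(frameSize, negotiatedMax uint32) (uint64, error) {
	if frameSize > negotiatedMax {
		return 0, fmt.Errorf("frame size %d exceeds negotiated frame_max %d", frameSize, negotiatedMax)
	}
	return uint64(frameSize) + headerSize + footerSize, nil
}

// wrapsBuffer reports whether the unchecked computation yields a buffer
// smaller than the bytes that would then be copied into it. In C that
// mismatch is a heap overflow; here it is only a reported condition.
func wrapsBuffer(frameSize uint32) bool {
	need := uint64(frameSize) + headerSize + footerSize
	return uint64(targetSizeUnchecked(frameSize)) < need
}

func main() {
	// Constructed malicious header: method frame on channel 0 declaring a
	// payload of 0xFFFFFFFE bytes.
	hostile := []byte{1, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFE}
	_, _, size, err := parseFrameHeader(hostile)
	if err != nil {
		panic(err)
	}
	fmt.Printf("unchecked target_size: %d (wraps: %v)\n", targetSizeUnchecked(size), wrapsBuffer(size))
	if _, err := targetSizeChecked(size, frameMax); err != nil {
		fmt.Println("checked:", err)
	}
}
```

With the constructed header the unchecked sum comes out to 6 bytes for a frame whose payload is declared as nearly 4 GiB; the checked version never reaches the addition because the size exceeds the negotiated maximum, which is the invariant a client should already hold from connection tuning.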
Remote Code Execution (RCE)
firefox is vulnerable to remote code execution. A heap-based buffer overflow in the nestegg_track_codec_data function allows a remote attacker to execute arbitrary code via a WebM video containing a malicious header...
Pivotal Cloud Foundry and UAA Denial of Service Vulnerabilities
Pivotal Cloud Foundry (PCF) is a product of Pivotal Software, Inc. in the United States. PCF is an open source platform-as-a-service (PaaS) cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment, among other features. cf-release is a release...