60 matches found
PT-2025-39077
Name of the Vulnerable Software and Affected Versions Stocky POS with Inventory Management & HRM ui-lib version 5.0 Description Stocky POS with Inventory Management & HRM ui-lib version 5.0 is affected by a Stored Cross-Site Scripting XSS issue within the Products module, accessible to...
Versity panic induced by AWS chunked data sent to port
Sending AWS chunk data with no Content-Length HTTP header causes the panic, every time. Reproduction Setup versity server running on port 7071, no SSL for ease of packet tracing with tshark. Problem can be reproduced with or without SSL on the versity end. Use nginx to reverse proxy on port 7070...
GHSA-V2CH-C8V8-FGR7 Versity panic induced by AWS chunked data sent to port
Sending AWS chunk data with no Content-Length HTTP header causes the panic, every time. Reproduction Setup versity server running on port 7071, no SSL for ease of packet tracing with tshark. Problem can be reproduced with or without SSL on the versity end. Use nginx to reverse proxy on port 7070...
Linux Distros Unpatched Vulnerability : CVE-2025-46728
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming...
The FBI's Jeffrey Epstein Prison Video Had Nearly 3 Minutes Cut Out
Metadata from the “raw” Epstein prison video shows approximately 2 minutes and 53 seconds were removed from one of two stitched-together clips. The cut starts right at the “missing minute.”...
OESA-2025-1613 cpp-httplib security update
A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size...
OESA-2025-1611 cpp-httplib security update
A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size...
SUSE CVE-2025-46728
cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of incoming HTTP requests with Transfer-Encoding: chunked or without a Content-Length header. An attacker can cause uncontrolled memory allocation on the server b...
DEBIAN-CVE-2025-46728
cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...
CVE-2025-27912
An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when 1 Entra ID or OpenID Connect authentication is in use and a user visits a compromised/malicious site, or 2 when username/password or Active Directory authentication is in use and a...
GHSA-C4PW-33H3-35XW Atro CSRF Middleware Bypass (security.checkOrigin)
Summary A bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. Details When the security.checkOrigin configuration option is set to true, Astro middleware will perform a CSRF check. Source code:...
CVE-2024-10086
A flaw was found in Consul and Consul Enterprise. This vulnerability allows reflected Cross-site scripting XSS attacks via missing Content-Type HTTP header in server responses, enabling misinterpretation of user-provided inputs. Mitigation Mitigation for this issue is either not available or the...
SAP Enable Now 跨站脚本漏洞
SAP Enable Now is a collaborative content creation, management and sharing platform from SAP. The platform is primarily used for online learning and training in SAP and non-SAP systems. A cross-site scripting vulnerability exists in SAP Enable Now that stems from an unimplemented...
The vulnerability of the ABB eSOMS software for managing production processes allows a hacker to execute arbitrary code.
The vulnerability of the ABB eSOMS software for managing production processes is related to the absence of the X-Content-Type-Options Header in the HTTP response. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2022-2547
A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22...
CVE-2019-17502
Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. read.c, request.c, and util.c contribute to this. The processheaderend function calls boaatoi, which ultimately calls atoi on a NULL pointer...
DEBIAN-CVE-2016-6801
Cross-site request forgery CSRF vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the...
UBUNTU-CVE-2016-6801
Cross-site request forgery CSRF vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the...
WengoPhone 2.x - SIP Phone Remote Denial of Service
/main.cpp/ include include using namespace std; ifdef WIN32 include pragma commentlib, "ws232.lib" define close closesocket define writea,b,c senda, b, c, 0 define writetoa,b,c,d,e sendtoa, b, c, 0, d, e define reada,b,c recva, b, c, 0 define readfroma,b,c,d,e recvfroma, b, c, 0, d, e else includ...