
1151 matches found

GithubExploit
added 2026/02/19 10:13 p.m., 134 views

Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server

CVE-2025-47812 — Wing FTP Server Unauthenticated remote code...

CVSS 10, AI score 9.2, EPSS 0.95343
Exploits: 23

GithubExploit
added 2026/02/18 8:41 a.m., 127 views

Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server

CVE-2025-47812 — Wing FTP Server Remote Code Execution RCE...

CVSS 10, AI score 8.8, EPSS 0.95343
Exploits: 23

GithubExploit
added 2026/02/15 1:6 a.m., 144 views

Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server

No d...

CVSS 10, AI score 5.4, EPSS 0.95343
Exploits: 23

Oracle linux
added 2026/02/11 12:0 a.m., 7 views

php:7.4 security update

libzip 1.6.1-1 - update to 1.6.1 - enable lzma support php 7.4.33-3 - Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface GHSA-4w77-75f9-2c8w - Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs CVE-2024-11234 - Fix Single byte overread wit...

CVSS 9.8, AI score 6.8, EPSS 0.02241
Exploits: 10

Tenable Nessus
added 2026/01/31 12:0 a.m., 3 views

EulerOS Virtualization 2.10.0 : openssh (EulerOS-SA-2026-1186)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand i...

CVSS 6.8, AI score 7.1, EPSS 0.06997
Exploits: 6, References: 5

OSV
added 2026/01/29 11:38 a.m., 7 views

CLSA-2026-1769686676 php: Fix of 2 CVEs

CVE-2025-1220: add null byte validation and fix hostname formatting to prevent null byte truncation that could bypass hostname access checks - CVE-2025-6491: fix NULL pointer dereference in PHP SOAP Extension via Large XML namespace prefix...

CVSS 5.9, AI score 6.7, EPSS 0.00944
Exploits: 2, References: 1

NVD
added 2026/01/27 1:16 a.m., 5 views

CVE-2026-24489

Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF (Carriage Return Line Feed) sequences in user-supplied header values and names. When making HTTP...

CVSS 5.3, EPSS 0.0036
Exploits: 1, References: 3

CVE
added 2026/01/27 12:36 a.m., 15 views

CVE-2026-24489

Gakido is a Python HTTP client vulnerable to HTTP header injection (CRLF/NULL) in versions prior to 0.1.1. The vulnerability arises from user-controlled header names/values not being sanitized, allowing an attacker to inject arbitrary headers into requests. The fix added in 0.1.1 provides a dedic...

CVSS 5.3, AI score 6, EPSS 0.0036
Exploits: 1, References: 3

Cvelist
added 2026/01/27 12:36 a.m., 30 views

CVE-2026-24489 Gakido vulnerable to HTTP Header Injection (CRLF Injection)

Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF (Carriage Return Line Feed) sequences in user-supplied header values and names. When making HTTP...

CVSS 5.3, EPSS 0.0036
Exploits: 1, References: 3

OSV
added 2026/01/27 12:36 a.m., 3 views

CVE-2026-24489 Gakido vulnerable to HTTP Header Injection (CRLF Injection)

Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF (Carriage Return Line Feed) sequences in user-supplied header values and names. When making HTTP...

CVSS 5.3, AI score 6, EPSS 0.0036
Exploits: 1, References: 5

Vulnrichment
added 2026/01/27 12:36 a.m., 3 views

CVE-2026-24489 Gakido vulnerable to HTTP Header Injection (CRLF Injection)

Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF (Carriage Return Line Feed) sequences in user-supplied header values and names. When making HTTP...

CVSS 5.3, AI score 6, EPSS 0.0036
Exploits: 1, References: 3

ATTACKERKB
added 2026/01/27 12:36 a.m., 3 views

CVE-2026-24489

Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF (Carriage Return Line Feed) sequences in user-supplied header values and names. When making HTTP...

CVSS 5.3, AI score 6, EPSS 0.0036
Exploits: 1, References: 4, Affected Software: 1

EUVD
added 2026/01/27 12:36 a.m., 4 views

EUVD-2026-4832

Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF (Carriage Return Line Feed) sequences in user-supplied header values and names. When making HTTP...

CVSS 5.3, AI score 6, EPSS 0.0036
Exploits: 1, References: 3

Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 7 : rh-php73-php-7.3.20-1.el7 (AXSA:2020-958:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-958:01 advisory. php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte CVE-2019-11045 php: Information...

CVSS 9.1, AI score 7.6, EPSS 0.08888
Exploits: 13, References: 15

Tenable Nessus
added 2026/01/16 12:0 a.m., 3 views

MiracleLinux 7 : dovecot-2.2.36-3.el7.1 (AXSA:2019-4341:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4341:02 advisory. dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes CVE-2019-11500 Tenable has extracted the precedin...

CVSS 9.8, AI score 8, EPSS 0.62324
Exploits: 1, References: 2

Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

MiracleLinux 7 : libmspack-0.5-0.7.alpha.el7 (AXSA:2019-4006:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4006:01 advisory. libmspack: Out-of-bounds write in mspack/cab.h CVE-2018-18584 libmspack: chmd_read_headers fails to reject filenames containing NULL bytes...

CVSS 6.5, AI score 6.7, EPSS 0.03086
Exploits: 1, References: 3

Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

MiracleLinux 4 : dovecot-2.0.9-22.AXS4.1 (AXSA:2019-4315:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4315:01 advisory. dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes CVE-2019-11500 Tenable has extracted the precedin...

CVSS 9.8, AI score 8, EPSS 0.62324
Exploits: 1, References: 2

OSV
added 2026/01/14 5:28 p.m., 5 views

CLSA-2026-1768411712 php: Fix of 2 CVEs

CVE-2025-1220: fix null byte termination in hostnames - CVE-2025-6491: fix NULL pointer dereference in PHP SOAP extension via large XML namespace prefix...

CVSS 5.9, AI score 5.9, EPSS 0.00944
Exploits: 2, References: 1

Positive Technologies
added 2026/01/13 12:0 a.m., 3 views

PT-2026-2408

Name of the Vulnerable Software and Affected Versions Kyocera Command Center RX ECOSYS M2035dn affected versions not specified Description The Kyocera Command Center RX ECOSYS M2035dn device contains a directory traversal flaw. Unauthenticated attackers can read sensitive system files by...

CVSS 8.7, AI score 6.4, EPSS 0.03534
Exploits: 1, References: 7

RedhatCVE
added 2026/01/09 12:39 p.m., 2 views

CVE-2023-29246

An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...

CVSS 7.2, AI score 7.3, EPSS 0.0147
Exploits: 0, References: 1