12 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-42038
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, he fix for noproxy hostname normalization bypass is incomplete. Wh...
CVE-2025-66482
Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or not using a reverse proxy at all can bypass IP rate limiting by adding a forged X-Forwarded-For header. Starting with version 2025.9.1, an option trustProxy has been added in config file to...
CVE-2025-66482
Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or not using a reverse proxy at all can bypass IP rate limiting by adding a forged X-Forwarded-For header. Starting with version 2025.9.1, an option trustProxy has been added in config file to...
CVE-2025-66482
Misskey CVE-2025-66482 affects the login rate-limiting mechanism via forged X-Forwarded-For headers. The vulnerability arises from an insecure default for trustProxy in the config, making instances vulnerable if not explicitly overridden. It is addressable starting with version 2025.9.1 by introd...
CVE-2024-31309
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting proxy.config.http2.maxcontinuationframesperminute to limit the number of CONTINUATION frames...
openSUSE 15 Security Update : yt-dlp (openSUSE-SU-2023:0374-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0374-1 advisory. - yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp...
CentOS 8 : GNOME (CESA-2019:3553)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3553 advisory. - webkitgtk: HTTP proxy setting deanonymization information disclosure CVE-2019-11070 - evince: uninitialized memory use in function tiffdocumentrender...
CentOS 7 : webkitgtk4 (RHSA-2020:4035)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4035 advisory. - WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS, DASH,...
Family Connections CMS 2.5.0 & 2.7.1 - (less.php) Remote Command Execution
No description provided by source. ?php / Family connections CMS v2.5.0-v2.7.1 remote command execution exploit vendor: https://www.familycms.com/ software link: https://www.familycms.com/download.php author: mrme::rwx kru email: steventhomasseeley!gmail!com ----------------------------------...
[jSQL Injection v0.5] Java tool for automatic database injection
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform Windows, Linux, Mac OS X, Solaris. jSQL Injection change log - version 0.5 0.5 SQL shell Uploader 0.4 Admin page checker and preview Brute forcer md5...
[jSQL Injection v0.4] Java tool for automatic database injection
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform Windows, Linux, Mac OS X, Solaris. Version 0.4 features: GET, POST, header, cookie methods Normal, error based, blind, time based algorithms Automatic...
CVE-2008-3329
Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."...