17 matches found
EUVD-2020-5816
Malware in sbrugna...
EUVD-2025-16165
Malicious code in bioql PyPI...
CVE-2025-38658
In the Linux kernel, the following vulnerability has been resolved: nvmet: pci-epf: Do not complete commands twice if nvmetreqinit fails Have nvmetreqinit and req-execute complete failed commands. Description of the problem: nvmetreqinit calls nvmetreqcomplete internally upon failure, e.g.,...
GHSA-93C7-7XQW-W357 Pingora has a Request Smuggling Vulnerability
A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in...
CVE-2023-36925
SAP Solution Manager Diagnostics agent - version 7.20, allows an unauthenticated attacker to blindly execute HTTP requests. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application and other applications the Diagnostics Agent can...
CVE-2025-4366
A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in: ...
WordPress Plugin Starter Templates Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...
Oracle Linux 8 : maven:3.6 (ELSA-2022-1860)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-1860 advisory. - Resolves: CVE-2020-13956 maven Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has no...
CVE-2021-20650
Cross-site request forgery CSRF vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started...
Cross site request forgery (csrf)
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...
CVE-2020-13956
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...
Debian DSA-4772-1 : httpcomponents-client - security update
Priyank Nigam discovered that HttpComponents Client, a Java HTTP agent implementation, could misinterpret malformed authority component in a request URI and pick the wrong target host for request execution. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin we...
Validation Bypass
httpclient is vulnerable to validation bypass. A malformed authority component in the request URIs that is passed to the library as java.net.URI object would result in the request execution for a wrong target host...
CVE-2020-13956
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...
Cross site scripting
A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page. The injected payload would be executed in a user's browser when "/cgi-bin/NewGUI/Acl.asp" is request...
Proxy-Pro Professional GateKeeper 4.7 Web Proxy - Buffer Overrun
// source: https://www.securityfocus.com/bid/9716/info Proxy-Pro Professional GateKeeper is prone to a remotely exploitable buffer overrun that may be triggered by passing HTTP GET requests of excessive length through the web proxy component. This could be exploited to execute arbitrary code in t...
CVE-2002-0166
Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display...