276 matches found
UBUNTU-CVE-2025-66200
moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
Summary Short summary of the problem. Make the impact and severity as clear as possible. A flawed implementation of the Kubernetes aggregation layer's authentication flow could enable bypassing RBAC controls. Details Give all details on the vulnerability. Pointing to the incriminated source code ...
CVE-2025-12344
A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from...
CVE-2025-12344 Yonyou U8 Cloud Request Header NCloudGatewayServlet unrestricted upload
A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from...
CVE-2025-12344 Yonyou U8 Cloud Request Header NCloudGatewayServlet unrestricted upload
A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from...
CVE-2025-12344
Summary : CVE-2025-12344 affects Yonyou U8 Cloud up to 5.1sp. The vulnerability lies in an unknown function within /service/NCloudGatewayServlet (Request Header Handler) where manipulation of the ts/sign argument enables an unrestricted file upload. Exploitation can be performed remotely, and pub...
EUVD-2020-0334
Malware in sbrugna...
EUVD-2008-1690
Malware in sbrugna...
EUVD-2000-0835
Malware in sbrugna...
EUVD-2020-23851
Malware in sbrugna...
EUVD-2018-0797
Malware in sbrugna...
EUVD-2023-35120
Malicious code in bioql PyPI...
EUVD-2022-47952
Malicious code in bioql PyPI...
EUVD-2023-0544
Malicious code in bioql PyPI...
CVE-2025-48956
A flaw was found in vLLM. A denial of service DoS vulnerability can be triggered by sending a single HTTP GET request with an extremely large X-Forwarded-For header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does n...
CVE-2025-50125
A CWE-918: Server-Side Request Forgery SSRF vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs and manipulation of host request header...
CVE-2023-49952
Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header...
CVE-2021-32813
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation,...
CVE-2020-36309
ngxhttpluamodule aka lua-nginx-module before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header...
CVE-2020-23776
A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request...