34 matches found
CVE-2026-10215
A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/apiholidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be initiat...
php: Header parser of http stream wrapper does not handle folded headers
A flaw was found in PHP. This vulnerability allows misinterpretation of HTTP response headers, potentially leading to incorrect usage of headers, MIME types, and other response attributes via incorrect parsing of folded headers in the HTTP request module...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000662)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000662 advisory. The request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of...
CVE-2025-56091
OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226EW1800GX10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...
php: Header parser of http stream wrapper does not handle folded headers
A flaw was found in PHP. This vulnerability allows misinterpretation of HTTP response headers, potentially leading to incorrect usage of headers, MIME types, and other response attributes via incorrect parsing of folded headers in the HTTP request module...
Azure Linux 3.0 Security Update: php (CVE-2025-1217)
The version of php installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1217 advisory. - In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when...
AZL-59294 CVE-2025-1217 affecting package php for versions less than 8.3.19-1
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME...
SUSE CVE-2025-1217
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME...
Security Bulletin: IBM Maximo Application Suite - AI Broker component uses request-2.88.2.tgz which is vulnerable to this CVE-2023-28155
Summary IBM Maximo Application Suite - AI Broker component uses request-2.88.2.tgz which is vulnerable to this CVE-2023-28155. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerab...
CVE-2024-41150
A Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus. This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800...
Exploit for OS Command Injection in Netgate Pfblockerng
CVE-2022-31814 Updated Exploit - pfBlockerNG = 2.1.426 U...
Exploit for OS Command Injection in Netgate Pfblockerng
CVE-2022-31814 Updated Exploit - pfBlockerNG = 2.1.426 U...
UBUNTU-CVE-2024-36970
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Use request_module_nowait. This appears to work around a deadlock regression that came in with the LED merge in 6.9. The deadlock happens on my system with 24 iwlwifi radios, so maybe it something like all worker...
Integrating mPulse’s Beacon API with EdgeWorkers to Visualize All Client Requests
Akamai mPulse combines with Akamai EdgeWorkers to visualize any client request and uses its http-request module to let users send their own requests...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to server-side request forgery due to [CVE-2023-28155]
Summary Node.js module Request is used by IBM App Connect Enterprise Certified Container operands for both internal and external HTTP calls. IBM App Connect Enterprise Certified Container operands are vulnerable to server-side request forgery. This bulletin provides patch information to address t...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a server-side request forgery due to Node.js Request module (CVE-2023-28155).
Summary IBM App Connect Enterprise is vulnerable to a server-side request forgery due to Node.js Request module CVE-2023-28155. Vulnerability Details CVEID:CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerable to server-side request forgery, caused by a cross-protocol redirect bypass...
@backstage/plugin-scaffolder-backend (>=0.0.0-nightly-2021712211 <=0.15.24-next.0), @backstage/plugin-scaffolder-backend-module-confluence-to-markdown (>=0.0.0-nightly-20230325022054 <=0.0.0-nightly-20230801022410) +8 more potentially affected by CVE-2023-35926 via @backstage/plugin-scaffolder-backend (>=0.0.0-nightly-20220708025041 <=0.18.0)
@backstage/plugin-scaffolder-backend NPM version =0.0.0-nightly-20220708025041, =0.0.0-nightly-2021712211, =0.0.0-nightly-20230325022054, =0.0.0-nightly-2022122206, =0.0.0-nightly-2022122206, =0.0.0-nightly-20230112022659, =0.0.0-nightly-2022122206, =1.0.8, =1.0.0, =1.0.0, =2.2.0 -...
SUSE CVE-2012-4398
The request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application...
Malicious code in @aia-digital/request-module (npm)
Source: ghsa-malware 67340329fc557c52c46df3ed3cd53846a4151bed1d93e5f3fd8cfd116f6caf77 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-63 Malicious code in @aia-digital/request-module (npm)
Source: ghsa-malware 67340329fc557c52c46df3ed3cd53846a4151bed1d93e5f3fd8cfd116f6caf77 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...