EUVD-2025-209536

Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is...

Backdrop CMS Host Header Injection vulnerability

Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection...

CVE-2025-63828

Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection...

EUVD-2023-56022

Malicious code in bioql PyPI...

CVE-2023-51301

A lack of rate limiting in the "Login Section, Forgot Email" feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

CVE-2023-51301

A lack of rate limiting in the "Login Section, Forgot Email" feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

CVE-2023-51301

A lack of rate limiting in the "Login Section, Forgot Email" feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

CVE-2024-45231

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome only...

Rocky Linux 8 : httpd:2.4 (RLSA-2024:3121)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3121 advisory. httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 modhttp2: reset requests exhaust memory incomplete fix of CVE-2023-44487 CVE-2023-45802...

httpd:2.4 security update

httpd 2.4.37-64.0.1 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-64 - Resolves: RHEL-14448 - httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 2.4.37-63 - modxml2enc: fix media type handling Resolves: RHEL-14321 modhttp2 1.15.7-10 - Resolves: RHEL-29817 -...

Moderate: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 modhttp2: reset requests exhaust memory incomplete fix of CVE-2023-44487 CVE-2023-45802 For more details about the...

SUSE CVE-2022-3169

A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVMEIOCTLRESET and the NVMEIOCTLSUBSYSRESET through the device file of the driver, resulting in a PCIe link disconnect...

CVE-2022-3169

A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVMEIOCTLRESET and the NVMEIOCTLSUBSYSRESET through the device file of the driver, resulting in a PCIe link disconnect...

CVE-2022-34530

An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames...

Zammad Denial of Service Vulnerability (CNVD-2022-70098)

Zammad is a suite of ticket management software from Zammad Germany. v5.1.0 of Zammad suffers from a denial of service vulnerability that stems from a lack of rate limiting in the forgot password feature, which could be exploited by an attacker to potentially cause a denial of service DoS via a...

Default credentials

A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

CVE-2022-29701

A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

Zammad 安全漏洞

Zammad is a suite of ticket management software from Zammad Germany. v5.1.0 of Zammad suffers from a denial of service vulnerability that stems from a lack of rate limiting in the forgot password feature, which could be exploited by an attacker to potentially cause a denial of service DoS via a...