17 matches found
EUVD-2019-7107
Malware in sbrugna...
CVE-2022-41949
DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. In affected versions an authenticated DHIS2 user can craft a request to DHIS2 to instruct the server to make requests to external resources like third party servers. This could allow...
CVE-2025-21804
In the Linux kernel, the following vulnerability has been resolved: PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region(). The rcar_pcie_parse_outbound_ranges() uses the devm_request_mem_region() macro to request a needed resource. A string variable that lives on the stack is then used ...
CVE-2025-21804
CVE-2025-21804 affects the Linux kernel in the PCI subsystem for rcar-ep. The root cause is an incorrect variable used when calling devm_request_mem_region(), where a stack-allocated string temporarily stored a dynamic resource name and was passed as a macro argument, causing undefined behavior. ...
aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method
Summary: A memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a unique cache entry. Impact: If the user is making use of any middlewares with aiohttp.web then it is...
PT-2023-27746 · Qsige · Qsige
Name of the Vulnerable Software and Affected Versions: QSige (affected versions not specified). Description: The QSige login SSO lacks an access control mechanism to verify if a user has sufficient permissions to request a resource. To exploit this, a user must first log into the application...
PT-2025-52948
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel’s drm/msm/dpu subsystem where unallocated resources can be returned. Specifically, if a topology requests resources not created by the system, the dpu r...
CVE-2021-40143
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance...
CVE-2020-16230
All versions of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the...
CVE-2019-16321
ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO...
CSS Keylogger - Chrome Extension And Express Server That Exploits Keylogging Abilities Of CSS
Chrome extension and Express server that exploits keylogging abilities of CSS. To use: Setup: Chrome extension: 1. Download repository: git clone https://github.com/maxchehab/CSS-Keylogging 2. Visit chrome://extensions in your browser or open up the Chrome menu by clicking the icon to the far right of...
Microsoft Internet Explorer Information Disclosure Vulnerability (CNVD-2015-04586)
Microsoft Internet Explorer (IE) is a Web browser developed by the American company Microsoft and is the default browser that comes with the Windows operating system. A security vulnerability exists in Microsoft IE versions 6 through 11. A remote attacker can exploit the vulnerability to determine...
GET to the vulnerability-vulnerability warning-the black bar safety net
This article is mainly about security vulnerabilities that arise from non-standard use of the GET method on the Internet today. It focuses on scenarios in which GET requests are abused in account login systems, and on the resulting attacks. 0x01 Definition of the GET method: In between the client and server for...
CVE-2015-2413
CVE-2015-2413 affects Microsoft Internet Explorer 6–11. A remote attacker can determine the existence of local files via a crafted module-resource request, an information-disclosure vulnerability arising from how IE handles certain module-resource requests. The public description confirms IE info...
CVE-2015-0764
Cisco Unified MeetingPlace 8.61.9 allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603...
SBox 1.0.4 - Full Path Disclosure
SBox 1.0.4 - Full Path Disclosure source: https://www.securityfocus.com/bid/8705/info sbox has been reported prone to a path disclosure vulnerability. The issue has been reported to present itself when an HTTP request is made for a CGI resource that does not exist. sbox will reportedly return an...
Escapade 0.2.1 Beta Scripting Engine - PAGE Full Path Disclosure
Escapade 0.2.1 Beta Scripting Engine - PAGE Full Path Disclosure source: https://www.securityfocus.com/bid/8574/info Escapade is prone to a path disclosure vulnerability. It is possible to gain access to sensitive path information by issuing a request for an invalid resource, passed as a value fo...