2154 matches found
EUVD-2025-201097
Collabora Online - Built-in CODE Server richdocumentscode provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE OS Command Injection in richdocumentscode proxy. Users of Nextclou...
CVE-2025-66206
Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, certain requests were vulnerable to path traversal attacks, wherein some files from the server could be retrieved if the full path was known. Sites hosted on Frappe Cloud, and even other setups that are behind a rever...
CVE-2025-66206
Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, certain requests were vulnerable to path traversal attacks, wherein some files from the server could be retrieved if the full path was known. Sites hosted on Frappe Cloud, and even other setups that are behind a rever...
EUVD-2025-200085
Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, certain requests were vulnerable to path traversal attacks, wherein some files from the server could be retrieved if the full path was known. Sites hosted on Frappe Cloud, and even other setups that are behind a rever...
CVE-2025-66206 Frappe vulnerable to a path traversal allowing reading certain files
Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, certain requests were vulnerable to path traversal attacks, wherein some files from the server could be retrieved if the full path was known. Sites hosted on Frappe Cloud, and even other setups that are behind a rever...
CVE-2025-66206 Frappe vulnerable to a path traversal allowing reading certain files
Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, certain requests were vulnerable to path traversal attacks, wherein some files from the server could be retrieved if the full path was known. Sites hosted on Frappe Cloud, and even other setups that are behind a rever...
CVE-2025-66206
CVE-2025-66206 affects Frappe, a full-stack web application framework. Prior to versions 15.86.0 and 14.99.2 , certain requests were vulnerable to path traversal, enabling retrieval of server files if the full path was known. The issue mainly impacts installations directly using werkzeug/gunicorn...
PT-2025-48550
Name of the Vulnerable Software and Affected Versions Frappe versions prior to 15.86.0 Frappe versions prior to 14.99.2 Description Frappe, a full-stack web application framework, had requests vulnerable to path traversal attacks in versions prior to 15.86.0 and 14.99.2. This allowed retrieval of...
EulerOS 2.0 SP13 : mod_http2 (EulerOS-SA-2025-2450)
According to the versions of the modhttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In certain proxy configurations, a denial of service attack againstApache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by...
EulerOS 2.0 SP13 : mod_http2 (EulerOS-SA-2025-2440)
According to the versions of the modhttp2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In certain proxy configurations, a denial of service attack againstApache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by...
TencentOS Server 4: cpp-httplib (TSSA-2025:0374)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0374 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
EulerOS 2.0 SP10 : mod_http2 (EulerOS-SA-2025-2395)
According to the versions of the modhttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In certain proxy configurations, a denial of service attack againstApache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by...
EulerOS 2.0 SP12 : mod_http2 (EulerOS-SA-2025-2366)
According to the versions of the modhttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In certain proxy configurations, a denial of service attack againstApache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by...
EulerOS 2.0 SP10 : mod_http2 (EulerOS-SA-2025-2423)
According to the versions of the modhttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In certain proxy configurations, a denial of service attack againstApache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by...
[SECURITY] Fedora 41 Update: golang-github-openprinting-ipp-usb-0.9.30-7.fc41
HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol...
HTTP Request Smuggling
Http4s is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of the HTTP trailer section, which allows an attacker—when the app is deployed behind a reverse proxy that forwards trailer headers—to bypass front-end security controls, target active users, and poison...
Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables
Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2...
GHSA-FG8X-Q69G-4QP3 Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables
Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2...
EUVD-2025-36875
Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables...
CVE-2025-10929
Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables.This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2...