CVE-2025-66206

CVE-2025-66206 affects Frappe, a full-stack web application framework. Prior to versions 15.86.0 and 14.99.2 , certain requests were vulnerable to path traversal, enabling retrieval of server files if the full path was known. The issue mainly impacts installations directly using werkzeug/gunicorn...

PT-2025-48550

Name of the Vulnerable Software and Affected Versions Frappe versions prior to 15.86.0 Frappe versions prior to 14.99.2 Description Frappe, a full-stack web application framework, had requests vulnerable to path traversal attacks in versions prior to 15.86.0 and 14.99.2. This allowed retrieval of...

EulerOS 2.0 SP13 : mod_http2 (EulerOS-SA-2025-2450)

According to the versions of the modhttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In certain proxy configurations, a denial of service attack againstApache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by...

EulerOS 2.0 SP13 : mod_http2 (EulerOS-SA-2025-2440)

According to the versions of the modhttp2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In certain proxy configurations, a denial of service attack againstApache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by...

TencentOS Server 4: cpp-httplib (TSSA-2025:0374)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0374 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

EulerOS 2.0 SP10 : mod_http2 (EulerOS-SA-2025-2395)

According to the versions of the modhttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In certain proxy configurations, a denial of service attack againstApache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by...

EulerOS 2.0 SP12 : mod_http2 (EulerOS-SA-2025-2366)

According to the versions of the modhttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In certain proxy configurations, a denial of service attack againstApache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by...

EulerOS 2.0 SP10 : mod_http2 (EulerOS-SA-2025-2423)

According to the versions of the modhttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In certain proxy configurations, a denial of service attack againstApache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by...

[SECURITY] Fedora 41 Update: golang-github-openprinting-ipp-usb-0.9.30-7.fc41

HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol...

HTTP Request Smuggling

Http4s is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of the HTTP trailer section, which allows an attacker—when the app is deployed behind a reverse proxy that forwards trailer headers—to bypass front-end security controls, target active users, and poison...

Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables

Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2...

GHSA-FG8X-Q69G-4QP3 Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables

Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2...

EUVD-2025-36875

Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables...

CVE-2025-10929

Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables.This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2...

CVE-2025-10929

Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables.This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2...

Drupal Reverse Proxy Header 安全漏洞

Drupal Reverse Proxy Header is a custom HTTP header plugin for the Drupal community. A security vulnerability exists in Drupal Reverse Proxy Header version 0.0.0 through versions prior to 1.1.2, which stems from improper input consistency validation and could lead to the manipulation of user...

CVE-2025-10929 Reverse Proxy Header - Less critical - Access bypass - SA-CONTRIB-2025-111

Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables.This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2...

CVE-2025-10929 Reverse Proxy Header - Less critical - Access bypass - SA-CONTRIB-2025-111

Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables.This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2...

CVE-2025-10929

CVE-2025-10929 affects the Drupal Reverse Proxy Header module prior to version 1.1.2. The publicly documented issue is an improper validation of consistency within input, which can allow manipulation of user-controlled variables. The problem is tied to the Reverse Proxy Header behavior and indica...

PT-2025-44357

Name of the Vulnerable Software and Affected Versions Drupal Reverse Proxy Header versions prior to 1.1.2 Description An improper validation of consistency within input exists in Drupal Reverse Proxy Header, allowing manipulation of user-controlled variables. Recommendations Update to version 1.1...