12 matches found
CVE-2025-10569
CVE-2025-10569 affects GitLab CE/EE: versions 8.3–18.5.4, 18.6–18.6.2, and 18.7–18.7.0 were vulnerable to authenticated-user DoS by sending crafted responses to external API calls. GitLab released fixes in 18.5.5, 18.6.3, and 18.7.1 (patch notes linked). Impact is availability disruption; no conf...
kernel: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes. A bad USB device is able to construct a service connection response message with target endpoint being ENDPOINT0 which is reserved for HTC_CTRL_RSVD_SVC and should not be...
EUVD-2024-28058
Malicious code in bioql PyPI...
UBUNTU-CVE-2023-53185
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes. A bad USB device is able to construct a service connection response message with target endpoint being ENDPOINT0 which is reserved for HTC_CTRL_RSVD_SVC and should not be...
CVE-2021-21613
Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service response content...
CVE-2024-30122
HCL Sametime is impacted by misconfigured security-related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers...
CVE-2024-30122 HCL Sametime is impacted by misconfigured security-related HTTP headers
HCL Sametime is impacted by misconfigured security-related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers...
PT-2024-23197 · Hcl · Hcl Sametime
Name of the Vulnerable Software and Affected Versions: HCL Sametime, affected versions not specified. Description: The issue is related to misconfigured security-related HTTP headers in HCL Sametime. Specifically, some HTTP headers are missing from web service responses, which can lead to less secu...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when CSP headers were only sent along with responses that Rails considered as "HTML" responses. This left API requests without CSP headers, which could possibly expose users to this vulnerability. Workaround: Se...
SUSE Linux Enterprise Server code issue vulnerability
SUSE Linux Enterprise Server is a suite of enterprise server edition Linux operating systems from SUSE Germany. A code issue vulnerability exists in SUSE Linux Enterprise Server that stems from the product's failure to properly handle service responses. An attacker could cause a denial of service...
CVE-2018-1360
A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man-in-the-middle position to retrieve the admin password via intercepting REST API JSON responses...
The vulnerability of the iOS operating system, which allows a hacker to trigger a device service failure.
The vulnerability of the iOS operating system is related to errors in the code. Exploiting this vulnerability allows a malicious actor to cause a device to fail to respond to service requests by sending a specially crafted Unicode text message, which is not properly processed when sent via SMS or...