Header Injection

Axios is vulnerable to Header Injection. The vulnerability is due to the presence of a gadget chain that allows existing Prototype Pollution in dependent code to be escalated, enabling attackers to achieve remote code execution or access sensitive resources such as AWS IMDSv2 metadata...

CVE-2026-4396

Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification...

EUVD-2021-2071

Malware in sbrugna...

EUVD-2022-40715

Malicious code in bioql PyPI...

GO-2025-3940 Atlantis Exposes Service Version Publicly on /status API Endpoint in github.com/runatlantis/atlantis

Atlantis Exposes Service Version Publicly on /status API Endpoint in github.com/runatlantis/atlantis...

CVE-2025-41452 Post auth nginx configuration injection in Danfoss AK-SM8xxA Series

Post-authenticated external control of system web interface configuration setting vulnerability in Danfoss AK-SM8xxA Series prior to 4.3.1, which could allow for a denial of service attack induced by improper handling of exceptional conditions...

CVE-2025-49567 Illustrator | NULL Pointer Dereference (CWE-476)

Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires us...

CVE-2025-8805 Open5GS SMF gsm-sm.c smf_gsm_state_wait_pfcp_deletion denial of service

A vulnerability was determined in Open5GS up to 2.7.5. Affected by this issue is the function smfgsmstatewaitpfcpdeletion of the file src/smf/gsm-sm.c of the component SMF. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the publ...

PT-2025-31956 · Undefined · Undefined

Hi, I run a following script for a vulnerability test for my home network; nmap 192.168.1.1/24 -n -sP |rg -o "192." scan.txt nmap -sV --script vulners --script-args mincvss=7.0 -iL scan.txt Then I get this Vulner output in port 80; Nmap scan report for 192.168.1.5 Host is up 0.00021s latency. Not...

CVE-2025-47281 Kyverno's Improper JMESPath Variable Evaluation Leads to Denial of Service

Kyverno is a policy engine designed for cloud native platform engineering teams. In versions 1.14.1 and below, a Denial of Service DoS vulnerability exists due to improper handling of JMESPath variable substitutions. Attackers with permissions to create or update Kyverno policies can craft...

CVE-2025-48997

Summary of CVE-2025-48997 (Multer DoS) : Multer, a Node.js middleware for multipart/form-data, is vulnerable starting in version 1.4.4-lts.1 up to but not including 2.0.1. An attacker can trigger a Denial of Service by sending an upload request with an empty string field name, causing an unhandle...

CVE-2025-48943 vLLM allows clients to crash the openai server with invalid regex

vLLM is an inference and serving engine for large language models LLMs. Version 0.8.0 up to but excluding 0.9.0 have a Denial of Service ReDoS that causes the vLLM server to crash if an invalid regex was provided while using structured output. This vulnerability is similar to...

CVE-2023-24822

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. Th...

CVE-2021-1058

NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input data size is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x prior to 8.6 and version 11.0 prior to 11.3...

CVE-2021-1065

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x prior to 8.6 and version 11.0 prior to 11.3...

CVE-2025-48075 Fiber panics when fiber.Ctx.BodyParser parses invalid range index

Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, fiber.Ctx.BodyParser can map flat data to nested slices using keyidxvalue syntax, but when idx is negative, it causes a panic instead of returning an error stating it cannot process t...

IBM MQ 9.3 < 9.3.0.26 LTS / 9.3 < 9.4 CD / 9.4 < 9.4.0.7 LTS (7178243)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7178243 advisory. - IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being...

CVE-2024-55986

CVE-2024-55986 : The Red Hat and ENISA ENISA ENISA-linked entries confirm an SQL Injection in the serviceonline Service. Copied from the CVE description, the issue is an improper neutralization of special elements in SQL commands, enabling blind SQL injection. Affected software is the Service com...

CVE-2022-38113

This vulnerability discloses build and services versions in the server response header...

CVE-2022-38113

CVE-2022-38113 corresponds to an information-disclosure vulnerability in SolarWinds Security Event Manager (SEM). The issue stems from server response headers disclosing build and service-version information, enabling an attacker to determine software aging and lineage. Public sources consistentl...