CVE-2025-12874

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Quest Coexistence Manager for Notes Free/Busy Connector modules allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding CL.TE attack vector. This could allow an attacker to bypass access...

CVE-2025-12874 HTTP Request Smuggling in Quest Coexistence Manager for Notes

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Quest Coexistence Manager for Notes Free/Busy Connector modules allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding CL.TE attack vector. This could allow an attacker to bypass access...

CVE-2025-12874

Quest Coexistence Manager for Notes (Free/Busy Connector modules) contains a HTTP Request/Response Smuggling flaw via Content-Length-Transfer-Encoding (CL.TE). The CVE entry notes the issue affects version 3.8.2045 and may affect other versions; impact includes bypassing access controls, web-cach...

CVE-2025-14267

Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7...

EUVD-2025-204453

Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7...

CVE-2025-14267 Unintended temporary cached data included in a structure only copy intended to be empty of data

Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7...

CVE-2025-14267

CVE-2025-14267 affects M-Files Server prior to version 25.12.15491.7. The issue is incomplete removal of sensitive information before data transfer, enabling potential data-leak exposure. Affected component is the server-side handling of data transfer where sensitive data may remain cached/left b...

CVE-2025-14910

A vulnerability was detected in Edimax BR-6208AC 1.02. This impacts the function handleretr of the component FTP Daemon Service. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. Edimax confirms this issue: "This product is...

CVE-2025-14910

The CVE-2025-14910 entry concerns Edimax BR-6208AC (firmware 1.02) with a path traversal flaw in the FTP Daemon Service’s handle_retr function. The vulnerability allows remote manipulation to traverse filesystem paths. Public exploits exist, and the issue is tied to a discontinued device with no ...

CVE-2025-14910 Edimax BR-6208AC FTP Daemon Service handle_retr path traversal

A vulnerability was detected in Edimax BR-6208AC 1.02. This impacts the function handleretr of the component FTP Daemon Service. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. Edimax confirms this issue: "This product is...

CVE-2025-14910 Edimax BR-6208AC FTP Daemon Service handle_retr path traversal

A vulnerability was detected in Edimax BR-6208AC 1.02. This impacts the function handleretr of the component FTP Daemon Service. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. Edimax confirms this issue: "This product is...

EUVD-2025-204431

A vulnerability was detected in Edimax BR-6208AC 1.02. This impacts the function handleretr of the component FTP Daemon Service. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. Edimax confirms this issue: "This product is...

PT-2025-52508

Name of the Vulnerable Software and Affected Versions Quest Coexistence Manager for Notes version 3.8.2045 Description An inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' exists in Quest Coexistence Manager for Notes Free/Busy Connector modules. This allows HTTP...

PT-2025-52401

A vulnerability was detected in Edimax BR-6208AC 1.02. This impacts the function handle retr of the component FTP Daemon Service. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. Edimax confirms this issue: "This product i...

Konica Bizhub Multifunction Printers Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-20871)

If a scanning destination that requires the registration of authentication information, such as FTP, SMB, or WebDAV, is registered in the address book of a multifunction printer, a remote attacker could steal the registered authentication information by sending a specific SOAP message...

CVE-2025-68389 Kibana Allocation of Resources Without Limits or Throttling

Allocation of Resources Without Limits or Throttling CWE-770 in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation CAPEC-130 of computing resources and a denial of service DoS of the Kibana process via a crafted HTTP request...

SUSE CVE-2025-68291

In the Linux kernel, the following vulnerability has been resolved: mptcp: Initialise rcvmss before calling tcpsendactivereset in mptcpdofastclose. syzbot reported divide-by-zero in tcpselectwindow by MPTCP socket. 0 We had a similar issue for the bare TCP and fixed in commit 499350a5a6e7 "tcp:...

CVE-2025-67737

AzuraCast is a self-hosted, all-in-one web radio management suite. Versions 0.23.1 mistakenly include an API endpoint that is intended for internal use by the SFTP software sftpgo, exposing it to the public-facing HTTP API for AzuraCast installations. A user with specific internal knowledge of a...

libsoup: Heap Use-After-Free in libsoup message queue handling during HTTP/2 read completion

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

SUSE CVE-2025-68217

In the Linux kernel, the following vulnerability has been resolved: Input: pegasus-notetaker - fix potential out-of-bounds access In the pegasusnotetaker driver, the pegasusprobe function allocates the URB transfer buffer using the wMaxPacketSize value from the endpoint descriptor. An attacker ca...