12658 matches found
FreeFloat FTP Server 安全漏洞
FreeFloat FTP Server is an FTP service from Freefloat. A buffer overflow vulnerability exists in FreeFloat FTP Server that stems from the LCD Command Handler component failing to properly validate the length size of the input data, no details of the vulnerability are provided at this time...
jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability
A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGSMAXHEADERLISTSIZE parameter...
CVE-2025-0136 PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices
Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec. This issue does not affect Clou...
GHSA-MJFQ-3QR2-6G84 Cosmos EVM Allows Partial Precompile State Writes
Impact Setting lower EVM call gas allows users to partially execute precompiles and error at specific points in the precompile code without reverting the partially written state. If executed on the distribution precompile when claiming funds, it could cause funds to be transferred to a user witho...
Cosmos EVM Allows Partial Precompile State Writes
Impact Setting lower EVM call gas allows users to partially execute precompiles and error at specific points in the precompile code without reverting the partially written state. If executed on the distribution precompile when claiming funds, it could cause funds to be transferred to a user witho...
CVE-2023-53146
In the Linux kernel, the following vulnerability has been resolved: media: dw2102: Fix null-ptr-deref in dw2102i2ctransfer In dw2102i2ctransfer, msg is controlled by user. When msgi.buf is null and msgi.len is zero, former checks on msgi.buf would be passed. Malicious data finally reach...
Correlating Account on Ethereum Mixing Service Via Domain-Invariant Feature Learning
The untraceability of transactions facilitated by Ethereum mixing services like Tornado Cash poses significant challenges to blockchain security and financial regulation. Existing methods for correlating mixing accounts suffer from limited labeled data and vulnerability to noisy annotations, whic...
Palo Alto Networks PAN-OS 10.1.x < 10.1.14-h14 / 10.2.x < 10.2.11 / 11.0.x < 11.0.7 / 11.1.x < 11.1.5 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 10.1.x prior to 10.1.14-h14, 10.2.x prior to 10.2.11, 11.0.x prior to 11.0.7, or 11.1.x prior to 11.1.5. It is, therefore, affected by a vulnerability. Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks...
php: Header parser of http stream wrapper does not handle folded headers
A flaw was found in PHP. This vulnerability allows misinterpretation of HTTP response headers, potentially leading to incorrect usage of headers, MIME types, and other response attributes via incorrect parsing of folded headers in the HTTP request module...
libsoup: Denial of service on libsoup through HTTP/2 server
A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service DoS...
php: Configuring a proxy in a stream context might allow for CRLF injection in URIs
A flaw was found in PHP. In affected versions of PHP, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the...
php: Streams HTTP wrapper does not fail for headers with invalid name and no colon
A flaw was found in PHP. This vulnerability allows applications to accept invalid headers via malformed HTTP headers missing a colon :, which may confuse applications into processing them as valid headers...
FreeBSD : www/varnish7 -- Request Smuggling Attack (89c668d5-2f80-11f0-9632-641c67a117d8)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 89c668d5-2f80-11f0-9632-641c67a117d8 advisory. The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish...
Important: amazon-cloudwatch-agent
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
CVE-2024-56523
Radware Cloud Web Application Firewall WAF before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method...
PT-2025-33: Security restriction bypass in macOS Shortcuts
The vulnerability was identified in macOS Shortcuts, versions to macOS Sequoia 15.5. The discovered vulnerability allows an attacker to bypass security restrictions and execute arbitrary code delivered via an FTP or SMB server. Vulnerability status: Confirmed by vendor Date of vulnerability...
www/varnish7 -- Request Smuggling Attack
The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish Cache and Varnish Enterprise. This vulnerability can be triggered under specific circumstances involving malformed HTTP/1 requests. An attacker can abuse a flaw in Varnish's handling of chunked...
Revealing Weaknesses in Text Watermarking through Self-Information Rewrite Attacks
Text watermarking aims to subtly embed statistical signals into text by controlling the Large Language Model LLM's sampling process, enabling watermark detectors to verify that the output was generated by the specified model. The robustness of these watermarking algorithms has become a key factor...
POISONCRAFT: Practical Poisoning of Retrieval-Augmented Generation for Large Language Models
Large language models LLMs have achieved remarkable success in various domains, primarily due to their strong capabilities in reasoning and generating human-like text. Despite their impressive performance, LLMs are susceptible to hallucinations, which can lead to incorrect or misleading outputs...
DEBIAN-CVE-2025-37882
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at the time of error occurrence on xHCI 1.1+ HCs or it's NULL on older ones. By the time we are handling the event,...