18 matches found
Exploit for Session Fixation in Ollama
CVE-2025-51471 - Ollama Cross-Domain Token Exposure PoC !CVE...
EUVD-2018-4205
Malware in sbrugna...
libsoup: Null pointer dereference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an Unauthorized response with Digest authentication
A flaw was found in libsoup, where soup_auth_digest_authenticate is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash...
SUSE CVE-2025-4476
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 Unauthorized HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed...
CVE-2025-4476
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 Unauthorized HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed...
libsoup: NULL pointer dereference in client when server omits the "nonce" parameter in an Unauthorized response with Digest authentication
A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash...
Libsoup: null pointer dereference in client when server omits the "nonce" parameter in an unauthorized response with digest authentication
...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the soup_auth_digest_authenticate process. An attacker can cause the application to crash by sending a crafted unauthorized response that omits the "realm" parameter. Remediation: There is no fixed version for...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference due to the omission of the nonce parameter by the server in an unauthorized response with digest authentication. Remediation: There is no fixed version for libsoup. References: Red Hat Bugzilla Bug, Red Hat CVE...
CVE-2025-32912
CVE-2025-32912 affects libsoup (SoupAuthDigest); a NULL pointer dereference can crash the libsoup client (and possibly server) when handling authentication. Multiple advisories note patched libsoup versions (e.g., Mageia, Debian LTS, CBL-Mariner, Amazon Linux 3) and provide package upgrades. Affe...
CVE-2025-32912 Libsoup: null pointer dereference in client when server omits the "nonce" parameter in an unauthorized response with digest authentication
A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash...
CVE-2025-32910
CVE-2025-32910 affects libsoup (libsoup3) with a NULL pointer dereference in soup_auth_digest_authenticate() when the server omits the realm parameter in a Digest auth flow. This can cause the libsoup client to crash. Affected versions include libsoup3 prior to 3.0.4-7 (per CBL-Mariner), and relat...
GHSA-Q7G5-JQ6P-6WVX Graylog's Authenticated HTTP inputs ingest message even if Authorization header is missing or has wrong value
Impact: Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP response 401 is returned, the message will be...
LDAP authentication bypass with empty password
Impact: Users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configured to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated binds (e.g. the default on Active Directory) are affected. Patch...
CVE-2019-20489
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web management interface setup.cgi has an authentication bypass and other problems that ultimately allow an attacker to remotely compromise the device from a malicious webpage. The attacker sends an FWremote.htm&todo=cfginit reque...
Design/Logic Flaw
In IoTivity through 1.3.1, the CoAP server interface can be used for Distributed Denial of Service attacks using source IP address spoofing and UDP-based traffic amplification. The reflected traffic is 6 times bigger than spoofed requests. This occurs because the construction of a "4.01...
UBUNTU-CVE-2018-12227
An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However,...
CVE-2018-12227
An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However,...