
12 matches found

The Hacker News
added 2026/03/05 12:1 p.m., 6 views

Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware

A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country's Ministry of Foreign Affairs to deliver a set of never-before-seen malware. Zscaler ThreatLabz, which observed the activity in January 2026, is tracking the...

6.3 AI score
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2019-8890

Malware in sbrugna...

7.5 CVSS, 7.5 AI score, 0.00565 EPSS
Exploits: 1, References: 2
Zero Day Initiative
added 2022/04/04 12:0 a.m., 68 views

(0Day) Array Networks MotionPro Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Array Networks MotionPro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8 CVSS, 3.9 AI score
Exploits: 0, References: 1
Ubuntu
added 2021/09/28 3:5 p.m., 150 views

USN-5090-4: Apache HTTP Server regression

USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. Original advisory details: James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote...

7.6 AI score
Exploits: 0, References: 1
Ubuntu
added 2021/09/28 1:28 p.m., 177 views

USN-5090-3: Apache HTTP Server regression

USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. Original advisory details: James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote...

7.6 AI score
Exploits: 0, References: 1
Veracode
added 2021/09/22 7:30 a.m., 3 views

Response Splitting

http4s-client is vulnerable to response splitting. Creating the fields such as Header names Header.name, Header values Header.value, Status reason phrases Status.reason, URI paths Uri.Path, URI authority registered names URI.RegName allows an attacker to inject a malicious character such as...

8.7 CVSS, 6.5 AI score, 0.00451 EPSS
Exploits: 1, References: 4, Affected Software: 4
OSV
added 2021/09/21 6:15 p.m., 7 views

CVE-2021-41084

http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names Header.name, Header values Header.value, Status reason phrases...

4.7 CVSS, 6.8 AI score
Exploits: 0, References: 4
Prion
added 2020/12/01 4:15 p.m., 12 views

Authentication flaw

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths...

7.5 CVSS, 9.7 AI score, 0.03145 EPSS
Exploits: 0, References: 3, Affected Software: 1
Hacker One
added 2020/04/09 12:46 p.m., 51 views

Starbucks: Korea - LFI Server directory traversal at starbucks.co.kr

b4bilal discovered a misconfiguration when handling URI paths. This permitted an adversary to traverse the docroot and access non sensitive resources that are normally unavailable to web users. @b4bilal — thank you for reporting this vulnerability and for confirming the resolution...

1.5 AI score
Exploits: 0
NVD
added 2020/03/13 7:15 p.m., 9 views

CVE-2019-13197

Some Kyocera printers such as the ECOSYS M5526cdw 2R72000.001.701 were affected by a buffer overflow vulnerability in the URI paths of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code...

10 CVSS, 10 AI score, 0.00209 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2019/04/23 12:0 a.m., 32 views

FreeBSD : Istio -- Security vulnerabilities (484d3f5e-653a-11e9-b0e3-1c39475b9f84)

Istio reports: Two security vulnerabilities have recently been identified in the Envoy proxy. The vulnerabilities are centered on the fact that Envoy did not normalize HTTP URI paths and did not fully validate HTTP/1.1 header values. These vulnerabilities impact Istio features that rely on Envoy...

10 CVSS, 7.6 AI score, 0.0009 EPSS
Exploits: 1, References: 5
FreeBSD
added 2019/03/29 12:0 a.m., 26 views

Istio -- Security vulnerabilities

Istio reports: Two security vulnerabilities have recently been identified in the Envoy proxy. The vulnerabilities are centered on the fact that Envoy did not normalize HTTP URI paths and did not fully validate HTTP/1.1 header values. These vulnerabilities impact Istio features that rely on Envoy ...

10 CVSS, 1.2 AI score, 0.0009 EPSS
Exploits: 1, References: 4