CVE-2026-22779
BlackSheep is an asynchronous web framework for building event-based web applications with Python. Prior to 2.4.6, the HTTP client implementation in BlackSheep is vulnerable to CRLF injection. Missing header validation makes it possible for an attacker to modify the HTTP requests, e.g. insert a new...
ROS-20251203-08
The aiohttp HTTP client vulnerability stems from the fact that the final sections of an HTTP request are not analyzed. Exploitation of the vulnerability could allow a remote attacker to perform spoofing attacks on HTTP requests. HTTP requests...
EUVD-2020-19404
Malware in sbrugna...
EUVD-2021-33485
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-32911
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A use-after-free vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition function. This flaw allows a malicious HTTP client to...
Access Control Bypass
Overview: Affected versions of this package are vulnerable to Access Control Bypass in the HTTP client. An attacker can obtain sensitive information by sending specially crafted HTTP requests that exploit improper header handling. Remediation: A fix was pushed into the master branch but not yet...
CVE-2022-38106
This vulnerability exists in the Serv-U web client, versions 15.3.0 to 15.3.1. This vulnerability affects the directory creation function...
CVE-2024-11922
Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email...
CVE-2024-11922 Input Validation vulnerability in Web Client emails that do not go through Secure Mail
Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email...
IBM Datacap Navigator Cross-Site Scripting Vulnerability
IBM Datacap Navigator is a Web client for Datacap from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Datacap Navigator, which can be exploited by an attacker to embed arbitrary JavaScript code in the Web UI...
CVE-2023-36474 Interactsh server settings make users vulnerable to Subdomain Takeover
Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with the Interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e. app. The Interactsh server used to create CNAME entries for app pointing to...
F5 BIG-IP Edge Client Windows Component Installer 7.2.x < 7.2.3.1 DLL Hijacking (K76964818)
The version of the BIG-IP Edge Client Windows Component Installer installed on the remote Windows host is 7.2.2.x or 7.2.3.x before 7.2.3.1. It is, therefore, affected by a DLL hijacking vulnerability in the BIG-IP Edge Client for Windows. CVE-2023-22358 © Tenable Network Security, Inc...
TP-LINK AX10 Trust Management Issue Vulnerability
The TP-LINK AX10 is a router from China P&L TP-LINK. A security vulnerability exists in TP-LINK AX10 version V12111117 that originates from the use of hard-coded encryption keys by web application clients when communicating with the router. An attacker could use this vulnerability to obtain...
AZL-10529 CVE-2022-1705 affecting package golang for versions less than 1.18.5-1
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid...
Security Bulletin: IBM UrbanCode Velocity CVE-2021-44228, Apache Log4j
Summary: IBM UrbanCode Velocity is vulnerable to CVE-2021-44228, Apache Log4j, in the web client. The other IBM UrbanCode Velocity services are built upon JavaScript, which uses Log4js, and based on current knowledge and analysis, we believe they are not affected. Vulnerability Details: CVEID: CVE-2021-4422...
OMERO.web Information Disclosure Vulnerability
OMERO.web is a client program from the Open Microscopy Environment team for viewing images on an OMERO server from a web browser. An information disclosure vulnerability exists in OMERO.web that stems from the exposure of page information...
DEBIAN-CVE-2020-15693
In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call such as httpClient.get or httpClient.post, the User-Agent header value, or custom HTTP header names or value...
DEBIAN-CVE-2017-18635
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name...
Oracle Agile PLM Remote Vulnerability (CNVD-2017-26392)
Oracle Supply Chain Products Suite is a set of supply chain solutions from Oracle, which provides value chain planning, value chain execution, product lifecycle management, etc. Oracle Agile PLM Product Lifecycle Management is one of the lifecycle management components. Oracle Agile PLM Product...
async-http-client certificate validation vulnerability
async-http-client is a client library that allows Java applications to perform HTTP requests and asynchronously process the HTTP response. async-http-client fails to properly enforce SSL/TLS certificate validation, allowing an attacker to exploit the vulnerability to conduct a man-in-the-middle...