133 matches found
PcVue 安全漏洞
PcVue is a reliable, secure, and powerful operational software platform developed by PcVue Corporation. It is specifically designed for monitoring and controlling applications in industries such as building management and park management. Versions 12.0.0 to 16.3.3 of PcVue contain security...
SUSE SLES12 Security Update : python36 (SUSE-SU-2026:0612-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0612-1 advisory. - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. -...
Security update for python3
This update for python3 fixes the following issues: CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...
SUSE-SU-2026:0643-1 Security update for python39
This update for python39 fixes the following issues: - CVE-2025-11468: Fixed a header injection when folding a long comment in an email header containing exclusively unfoldable characters. bsc1257029 - CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and parameters...
Monica 安全漏洞
Monica is an AI assistant of the Monica company. Version 4.1.2 of Monica contains a security vulnerability, which stems from improper handling of HTTP headers, potentially leading to header poisoning attacks...
CVE-2025-8308 Reflected XSS in Key Software's INFOREX
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Key Software Solutions Inc. INFOREX- General Information Management System allows XSS Through HTTP Headers. This issue affects INFOREX- General Information Management System: from 2025 and...
Key INFOREX 跨站脚本漏洞
Key INFOREX is a financial and banking management system developed by the Turkish company Key. The Key INFOREX version 2025 and earlier versions had a cross-site scripting vulnerability. This vulnerability stemmed from improper input during web page generation, which could allow cross-site...
Fortinet FortiOS 环境问题漏洞
Fortinet FortiOS is a security operating system developed by Fortinet Corporation, specifically for use on the FortiGate network security platform. This system provides users with various security features, including firewalls, antivirus protection, IPSec/SSL VPN, web content filtering, and...
USN-8018-1: Python vulnerabilities
Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this issue to inject arbitrary headers into email messages. This issue only affected python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12, python3.13, and...
cpython: wsgiref.headers.Headers allows header newline injection in Python
Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...
CVE-2025-71031
Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of service by consuming RAM memory...
CVE-2025-7713
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows XSS Through HTTP Headers.This issue affects Content Management System CMS: through 21072025...
CVE-2025-7713
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows XSS Through HTTP Headers. This issue affects Content Management System CMS: through 21072025...
PT-2026-5295
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows XSS Through HTTP Headers.This issue affects Content Management System CMS: through 21072025...
CVE-2026-22263
Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available...
CVE-2021-47900
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shellexec to run system commands by sending craft...
CVE-2021-47900
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shellexec to run system commands by sending craft...
EUVD-2021-34749
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shellexec to run system commands by sending craft...
BIT-PYTHON-MIN-2026-0865 wsgiref.headers.Headers allows header newline injection
User-controlled header names and values containing newlines can allow injecting HTTP headers...
CVE-2026-22543 WEEK ENCODING FOR PASSWORDS
The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...