29 matches found
EUVD-2026-39515
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...
[SECURITY] Fedora 43 Update: erlang-cowlib-2.17.1-1.fc43
Support library for manipulating Web protocols...
[SECURITY] Fedora 44 Update: erlang-cowlib-2.17.1-1.fc44
Support library for manipulating Web protocols...
Malicious code in metrics-probe-dc85 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aaa3316d23c1a348fb5c68a36eb775ca51f90d0e44973508dd5a8ba5a139e932 On install, package.json declares postinstall: node run.js, which auto-executes run.js when the package is installed. run.js imports os, fs, http,...
Linux Distros Unpatched Vulnerability : CVE-2026-49129
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set withou...
DEBIAN-CVE-2026-49129
Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...
[SECURITY] Fedora 43 Update: erlang-cowlib-2.16.1-1.fc43
Support library for manipulating Web protocols...
[SECURITY] Fedora 44 Update: erlang-cowlib-2.16.1-1.fc44
Support library for manipulating Web protocols...
CVE-2026-44661 python-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol
python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS /...
CVE-2026-42404
CVE-2026-42404 — Apache Neethi : The PolicyReference API allows an application calling a remote policy reference to initiate outbound requests to arbitrary protocols/IPs, with no URI restrictions pre-3.2.2. Reports indicate the issue enables unrestricted HTTP redirection when fetching remote poli...
[SECURITY] Fedora 42 Update: curl-8.11.1-8.fc42
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
CVE-2023-50266
Bazarr manages and downloads subtitles. In version 1.2.4, the proxy method in bazarr/bazarr/app/ui.py does not validate the user-controlled protocol and url variables and passes them to requests.get without any sanitization, which leads to a blind server-side request forgery SSRF. This issue allo...
[SECURITY] Fedora 43 Update: squid-7.2-1.fc43
Squid is a high-performance proxy caching server for Web clients, supporting FTP and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups...
CVE-2025-54479
When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
pwntools
This is a CTF Capture The Flag framework and exploit development library. It is written in Python and provides a set of tools for developing and executing exploits. The library is designed to be extensible and customizable, allowing users to easily add new functionality and plugins. The library i...
Squid: dos against http and https
...
Linux Distros Unpatched Vulnerability : CVE-2021-20220
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x...
PT-2025-9317
Name of the Vulnerable Software and Affected Versions Advanced IP Scanner affected versions not specified Advanced Port Scanner affected versions not specified Description The issue involves the unauthorized exposure of confidential information when the applications initiate a network scan, sendi...
RHEL 7 : firefox (RHSA-2025:0132)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:0132 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
squid: DoS against HTTP and HTTPS
A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk...