CVE-2025-48956

A flaw was found in vLLM. A denial of service DoS vulnerability can be triggered by sending a single HTTP GET request with an extremely large X-Forwarded-For header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does n...

Input validation

Due to insufficient input validation, SAP NetWeaver AS Java HTTP Provider Service - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. On successful exploitation, an attacker can view or modify information causing a limited impact on the confidentiality...

CVE-2022-41262

CVE-2022-41262 affects SAP NetWeaver AS Java (HTTP Provider Service), version 7.50. The issue is due to insufficient input validation that allows an unauthenticated attacker to inject a script into a web request header. The resulting impact is described as limited in confidentiality and integrity...

CVE-2022-41262

Due to insufficient input validation, SAP NetWeaver AS Java HTTP Provider Service - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. On successful exploitation, an attacker can view or modify information causing a limited impact on the confidentiality...

CVE-2022-2466

It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior...

Gradle 信息泄露漏洞

Gradle Enterprise can improve developer productivity by accelerating builds, improving build reliability, and speeding up build debugging. An attacker could exploit this vulnerability to obtain potentially sensitive build/configuration details via a specially crafted HTTP request with the...