14 matches found
Flowise: Sensitive Data Leak in public-chatbotConfig
Summary /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just of a chatflow UUID can retrieve credentials stored in password type fields and HTTP headers,...
CVE-2026-34767
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via...
CVE-2026-34767
Summary : Electron apps that register custom protocol handlers (protocol.handle()/protocol.registerSchemesAsPrivileged()) or use webRequest.onHeadersReceived can be vulnerable to HTTP response header injection when untrusted input is reflected into header names or values. Impact : injected header...
HAPI FHIR HTTP authentication leak in redirects
When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...
USN-7490-3 libsoup3 vulnerabilities
USN-7490-1 fixed vulnerabilities in libsoup2.4. This update provides the corresponding updates for libsoup3. Original advisory details: Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a malicious...
CVE-2023-7237
Lantronix XPort sends weakly encoded credentials within web request headers...
CVE-2023-7237
Lantronix XPort sends weakly encoded credentials within web request headers...
CVE-2023-7237 Lantronix XPort Weak Encoding for Password
Lantronix XPort sends weakly encoded credentials within web request headers...
CVE-2023-7237
CVE-2023-7237 affects Lantronix XPort (XPort Device Server Configuration Manager, v2.0.0.13) where credentials are weakly encoded in web request headers. The issue is documented in multiple sources (NVD, CISA ICS advisory) with CVSS v3.1 base score 5.7 (ATT&CK details not explicitly stated). The ...
Lantronix Xport Encryption Issue Vulnerability
Lantronix Xport Edge is a hardware device from Lantronix, Inc. that enables Ethernet connectivity and control of industrial equipment. A security vulnerability exists in Lantronix Xport version 2.0.0.13, which is caused by sending weakly encoded credentials in the web request header...
PT-2024-15243 · Lantronix · Lantronix Xport
Name of the Vulnerable Software and Affected Versions: Lantronix XPort affected versions not specified Description: The issue concerns the transmission of weakly encoded credentials within web request headers. Recommendations: At the moment, there is no information about a newer version that...
SUSE CVE-2019-9741
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command...
UBUNTU-CVE-2017-12165
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling...
undertow: improper whitespace parsing leading to potential HTTP request smuggling
It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling...