EUVD-2022-4928

Malicious code in bioql PyPI...

EUVD-2024-28076

Malicious code in bioql PyPI...

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper parsing of the HTTP trailer section in the parse function. An attacker can bypass security controls, launch targeted attacks against users, or poison web caches by crafting specially formed HTTP...

Security Bulletin: IBM OpenPages Application API Response Caching Header Update

Summary Some IBM OpenPages API responses currently use the caching directive Cache-Control: max-age=0 instead of the more secure Cache-Control: no-store. While max-age=0 means the content is immediately stale, it may still be stored temporarily in browsers or intermediary caches. For sensitive...

CVE-2025-36082 IBM OpenPages information disclosure

IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally which can be read by another user on the system...

UBUNTU-CVE-2025-58068

Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted...

Linux Distros Unpatched Vulnerability : CVE-2018-14773

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through...

Linux Distros Unpatched Vulnerability : CVE-2020-28473

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate...

Linux Distros Unpatched Vulnerability : CVE-2017-2666

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy...

Linux Distros Unpatched Vulnerability : CVE-2021-28116

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can...

BIT-LIBPYTHON-2021-23336 Web Cache Poisoning

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can...

Security Bulletin: IBM Cloud Pak for Data is vulnerable to HTTP Request Smuggling due to Gunicorn ( CVE-2024-1135 )

Summary Gunicorn is used by IBM Cloud Pak for Data. CVE-2024-1135. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding headers. By sending a specially crafted HTTPS transfer-encoding...

CVE-2024-33830

idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/readDeal.php?mudi=clearWebCache...

CVE-2024-33829

idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/readDeal.php?mudi=updateWebCache...

CVE-2023-27238

LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning...

CVE-2023-20232

A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could...

CVE-2019-19326

Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return...

CVE-2013-3836

Unspecified vulnerability in the Oracle Web Cache component in Oracle Fusion Middleware 11.1.1.6 and 11.1.1.7 allows remote authenticated users to affect confidentiality via vectors related to ESI/Partial Page Caching...

CVE-2002-2345

Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access...

Security Bulletin: Vulnerabilities in Apache Tomcat might affect IBM Storage Defender Copy Data Management.

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Apache Tomcat . Vulnerabilities include Time-of-check Time-of-use TOCTOU Race Condition, Allocation of Resources Without Limits or Throttling, allows remote attackers to cause a denial of service CPU consumpti...