Linux Distros Unpatched Vulnerability : CVE-2020-17510

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. CVE-2020-17510 Note that...

Linux Distros Unpatched Vulnerability : CVE-2018-11039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions allow web applications to change the HTTP request...

CVE-2025-58068 Eventlet affected by HTTP request smuggling in unparsed trailers

Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted...

CVE-2025-54142

Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain Internet standards...

Eventlet 环境问题漏洞

Eventlet is a concurrent networking library for Python. An environmental issue vulnerability exists in versions prior to Eventlet 0.40.3 that stems from improper handling of HTTP request entrainment, which could lead to a front-end security control bypass...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to an improper check of complex JSON in the HTTP handler. An attacker can cause excessive memory and CPU consumption by submitting specially-crafted payloads that meet the default...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to an improper check of complex JSON in the HTTP handler. An attacker can cause excessive memory and CPU consumption by submitting specially-crafted payloads that meet the default...

CVE-2025-9505 Campcodes Online Loan Management System ajax.php sql injection

A flaw has been found in Campcodes Online Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=saveloantype. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVE-2025-9505 Campcodes Online Loan Management System ajax.php sql injection

A flaw has been found in Campcodes Online Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=saveloantype. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

Linux Distros Unpatched Vulnerability : CVE-2023-49082

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request...

Linux Distros Unpatched Vulnerability : CVE-2024-33452

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request. CVE-2024-3345...

Linux Distros Unpatched Vulnerability : CVE-2020-13574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial o...

CVE-2025-29514

Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request...

CVE-2025-29514

Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request...

CVE-2025-5514 Denial-of-Service(DoS) Vulnerability in Web server function on MELSEC iQ-F Series CPU module

Improper Handling of Length Parameter Inconsistency vulnerability in web server function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to delay the processing of the web server function and prevent legitimate users from utilizing the web...

CVE-2025-29514

CVE-2025-29514 affects D-Link DSL-7740C (firmware DSL7740C.V6.TR069.20211230). The issue is an incorrect access control in the config.xgi function that could allow an attacker to download the device configuration by sending a crafted web request. CVSS v3.1 vector indicates Network access, Low att...

CVE-2025-29514

Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request...

PT-2025-34673 · Smm Panel · Smm Panel

Name of the Vulnerable Software and Affected Versions: SMM Panel version 3.1 Description: A SQL Injection vulnerability exists in SMM Panel version 3.1. This allows remote attackers to potentially gain sensitive information by sending a crafted HTTP request with the action parameter set to servic...

Linux Distros Unpatched Vulnerability : CVE-2016-9920

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not proper...

CVE-2025-48956

A flaw was found in vLLM. A denial of service DoS vulnerability can be triggered by sending a single HTTP GET request with an extremely large X-Forwarded-For header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does n...