2740 matches found

[RedhatCVE] added 2025/11/27 1:54 p.m. | 2 views

CVE-2025-62189

LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If exploited, a non-administrative user may create a new user account by sending a crafted HTTP request...

CVSS 5.3 | AI score 5 | EPSS 0.00195
Exploits 0 | References 1

[OSV] added 2025/11/25 6:12 p.m. | 2 views

GO-2025-4147 Minder does not sandbox http.send in Rego programs in github.com/mindersec/minder

Minder does not sandbox http.send in Rego programs in github.com/mindersec/minder...

CVSS 8.5 | AI score 7 | EPSS 0.00235
Exploits 0 | References 2

[EUVD] added 2025/11/25 12:02 a.m. | 2 views

EUVD-2025-199333

Malicious code in @clausehq/flows-step-httprequest npm...

AI score 6.6
Exploits 0 | References 4

[Redos] added 2025/11/25 12:00 a.m. | 11 views

ROS-20251125-03

A vulnerability in the WSGI server gunicorn is related to flaws in HTTP request handling. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the existing security restrictions and execute an HTTP request smuggling attack...

CVSS 7.5 | AI score 7 | EPSS 0.00687
Exploits 0

[Positive Technologies] added 2025/11/24 12:00 a.m. | 4 views

PT-2025-47944

Name of the Vulnerable Software and Affected Versions: Magewell Pro Convert version 1.2.213. Description: A Cross-Site Request Forgery (CSRF) exists in the /usapi?method=add-user component. This allows attackers to create accounts by sending a specially crafted GET request. The API endpoint...

CVSS 6.5 | AI score 6.6 | EPSS 0.00133
Exploits 1 | References 6

[Vulnrichment] added 2025/11/21 9:56 p.m. | 2 views

CVE-2025-65109 Minder does not sandbox http.send in Rego programs

Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have acce...

CVSS 8.5 | AI score 6.4 | EPSS 0.00235
Exploits 0 | References 2

[NVD] added 2025/11/21 7:15 a.m. | 9 views

CVE-2025-62189

LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If exploited, a non-administrative user may create a new user account by sending a crafted HTTP request...

CVSS 5.3 | EPSS 0.00195
Exploits 0 | References 2

[Cvelist] added 2025/11/21 6:17 a.m. | 8 views

CVE-2025-62189

LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If exploited, a non-administrative user may create a new user account by sending a crafted HTTP request...

CVSS 5.3 | EPSS 0.00195
Exploits 0 | References 2

[Positive Technologies] added 2025/11/21 12:00 a.m. | 4 views

PT-2025-47668

Name of the Vulnerable Software and Affected Versions: LogStare Collector, affected versions not specified. Description: LogStare Collector has an authorization issue within the UserRegistration component. A user without administrative privileges can create new user accounts by submitting a specially...

CVSS 5.3 | AI score 5 | EPSS 0.00195
Exploits 0 | References 6

[Github Security Blog] added 2025/11/20 9:57 p.m. | 5 views

Minder does not sandbox http.send in Rego programs

Impact: Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have access to (for example, if the Minder server is behind a firewall or other network partition). Patches: ...

AI score 6.8
Exploits 0 | References 3 | Affected Software 1

[EUVD] added 2025/11/20 9:57 p.m. | 2 views

EUVD-2025-198365

Minder does not sandbox http.send in Rego programs...

AI score 6.5
Exploits 0 | References 3

[OSV] added 2025/11/20 9:57 p.m. | 3 views

GHSA-6XVF-4VH9-MW47 Minder does not sandbox http.send in Rego programs

Impact: Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have access to (for example, if the Minder server is behind a firewall or other network partition). Patches: ...

CVSS 8.5 | AI score 6.6 | EPSS 0.00235
Exploits 0 | References 3

[RedHat Linux] added 2025/11/20 7:57 a.m. | 6 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.59 packages and security update

Red Hat OpenShift Container Platform release 4.14.59 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

CVSS 9.1 | AI score 7.1 | EPSS 0.00682
Exploits 4 | References 5

[OSV] added 2025/11/18 6:21 p.m. | 3 views

CLSA-2025-1763490076 Fix CVE(s): CVE-2025-62168

SECURITY UPDATE: failure to redact HTTP authentication credentials in error handling allows information disclosure. debian/patches/CVE-2025-62168.patch: Fix HttpRequest::pack to mask sensitive information to prevent disclosure (CVE-2025-62168)...

CVSS 10 | AI score 7.3 | EPSS 0.6332
Exploits 1 | References 1

[RedHat Linux] added 2025/11/18 6:04 a.m. | 2 views

libsoup: Out of bounds reads in soup_headers_parse_request()

A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bounds read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server...

CVSS 7.5 | AI score 5.7 | EPSS 0.00787
Exploits 0 | References 4

[RedhatCVE] added 2025/11/17 7:19 p.m. | 3 views

CVE-2025-60876

BusyBox wget through 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape (METHOD SP request-target SP HTTP/1.1), a raw spac...

CVSS 6.5 | AI score 6.6 | EPSS 0.00252
Exploits 1 | References 6

[RedhatCVE] added 2025/11/17 9:07 a.m. | 9 views

CVE-2021-4465

ReQuest Serious Play F3 Media Server versions 7.0.3.4968 Pro, 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 contain a remote denial-of-service vulnerability. The device can be shut down or rebooted by an unauthenticated attacker through a single crafted HTTP GET request, allowing...

CVSS 8.7 | AI score 7.1 | EPSS 0.00416
Exploits 1 | References 1

[Redos] added 2025/11/17 12:00 a.m. | 7 views

ROS-20251117-04

A vulnerability in the LXD container and lightweight virtual machine management system is related to redundant API data output. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to potentially sensitive information. The vulnerability in the LXD container and...

CVSS 8.8 | AI score 7.1 | EPSS 0.00525
Exploits 9

[RedhatCVE] added 2025/11/14 10:52 p.m. | 6 views

CVE-2025-36236

The IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system...

CVSS 9.1 | AI score 6.9 | EPSS 0.00428
Exploits 0 | References 1

[Cvelist] added 2025/11/14 10:51 p.m. | 11 views

CVE-2021-4465 ReQuest Serious Play F3 Media Server <= 7.0.3 Remote DoS

ReQuest Serious Play F3 Media Server versions 7.0.3.4968 Pro, 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 contain a remote denial-of-service vulnerability. The device can be shut down or rebooted by an unauthenticated attacker through a single crafted HTTP GET request, allowing...

CVSS 8.7 | EPSS 0.00416
Exploits 1 | References 7