A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header,
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functional
A vulnerability has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014 and classified as critical. This vulnerability affects the function FCGI_WizardProtoProcess
HTML
Injection vulnerability in Isshue by Bdtask, consisting os an HTML injection due to a lack os proper validation of user input by sending a POST request to '/category_product_search', affecting
A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the arg
Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can in
Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functi
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling.
In 'Elixir.Phoenix.Transp
A vulnerability classified as critical has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected is the function FCGI_CheckStringIfContainsS
A vulnerability classified as problematic was found in Guizhou Xiaoma Technology jpress 5.1.2. Affected by this vulnerability is an unknown functionality of the file /commons/attachment/upload of the
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by send
Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while usin
A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON pa
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects the function FCGI_CheckStringIfCon
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering ("off") directives are
A vulnerability, which was classified as critical, has been found in Prain up to 1.3.0. Affected by this issue is some unknown functionality of the file /?import of the component HTTP POST Request Han
A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads
A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this vulnerability is the function FCGI_WizardProtoProcess o
FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the
The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service (WPS) publish.py CGI script prior to commit 7a5ae