CVE-2023-39325 : GOOGLE GO HTTP/2 RESET RESOURCE CONSUMPTION
Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While
Description Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior
Description IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote authenticated attacker to execute arbitrary commands on
Description Emby Server is a user-installable home media server which stores and organizes a user’s media files of virtually any
An HTTP flood DDoS attack is a type of cyber attack that aims to overwhelm a web server with a
Description A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in
Description XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it’s possible to inject arbitrary wiki
Description Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the
Description A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0
Description A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable
Description A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to
Description An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed
Description Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure
Description Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1. References https://huntr.dev/bounties/95e7c181-9d80-4428-aebf-687ac55a9216 https://github.com/kareadita/kavita/commit/9c31f7e7c81b919923cb2e3857439ec0d16243e4 For More Information MITRE
Description The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make
HTTP Protocol Violation
HTTP Response Splitting Prophaze WAF Blocks Carriage Return (CR) and Line Feed (LF) requests into the Applications which allows attackers
Overview : In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might
Overview : Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo
Overview : cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from
Overview : An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE)
Overview : Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote
Overview : Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn’t limit
Version : pecl-http extension up to 2.6.0beta2/3.1.0beta2 Severity : Medium Explanation : The function merge_param() of the file php_http_params.c. Forged http requests