libsoup WebSocket Out-of-Bounds Read Vulnerability Volerion Risk Score: 8.2 Why this matters When max_incoming_payload_size is left unset (or set to 0), a remote attacker can send crafted WebSocket frames that cause the libsoup function process_frame() to read outside a buffer. This out-of-bounds read may crash applications using libsoup or leak memory contents, exposing sensitive information and setting the stage for more severe exploits. Recommended actions Configure applications to set...

OWASP Core Rule Set Multipart Request Processing Vulnerability in Rule 922110 Volerion Risk Score: 7.4 Why this matters In affected versions of the OWASP Core Rule Set (CRS), rule 922110 keeps only the last Content-Type charset it encounters when inspecting multipart requests. An attacker can therefore smuggle a malicious charset (e.g. utf-7) into an earlier part and overwrite it with a benign value later in the request, bypassing the intended WAF protection and allowing harmful payloads to...

cpp-httplib CRLF Injection Vulnerability in Header Processing Allowing SSRF Volerion Risk Score: 7.7 Why this matters cpp-httplib versions ≤ 0.29.0 fail to sanitize carriage return and line feed characters in user-supplied header values. A remote attacker can inject additional headers, alter the HTTP request body, and leverage the issue for server-side request forgery (SSRF) against back-end systems that interpret pipelined requests. Recommended actions Upgrade to cpp-httplib 0.30.0 or later,...