Threats Tagged 'cwe-241'
View all threats tagged with 'cwe-241'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cwe-241'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2025-66550: CWE-241: Improper Handling of Unexpected Data Type in nextcloud security-advisoriesCVE-2025-66550 0 Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This vulnerability is fixed in 4.7.17 and 5.2.4. Join the discussion | CVE Database V5 | 12/05/2025, 16:56:44 UTC Added: 12/05/2025, 17:15:18 UTC |
CVE-2025-7339: CWE-241 in jshttp on-headersCVE-2025-7339 0 on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions `<1.1.0` may result in response headers being inadvertently modified when an array is passed to `response.writeHead()`. Users should upgrade to version 1.1.0 to receive a patch. Uses are strongly encouraged to upgrade to `1.1.0`, but this issue can be worked around by passing an object to `response.writeHead()` rather than an array. Join the discussion | CVE Database V5 | 07/17/2025, 15:47:39 UTC Added: 07/17/2025, 16:01:11 UTC |
Showing 1 to 2 of 2 results