6 matches found
netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion
A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses: a 103, followed by a 200 with a GET body, then another 200 for a HEAD request when the client pipelines GET the...
Incorrect Authorization
Overview: symfony/security-http provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so-called user providers that hold the users' credentials. Affected versions of this package are vulnerable to...
CVE-2026-42584 Netty: HttpClientCodec response desynchronization
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with an outbound request by queue.poll once per response, including for 1xx. If the client pipelines GET then HEAD and the server sends 103,...
VulnCheck KEV: CVE-2024-36675
LyLmespage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the gethead function...
CVE-2023-42537
An improper input validation in getheadcrc in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write...
SAMSUNG Mobile devices buffer error vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung (SAMSUNG). A buffer error vulnerability exists in SAMSUNG Mobile devices prior to SMR Nov-2023 Release 1, which stems from incorrect input validation in the...