5890 matches found

Tenable Nessus
added 2026/02/05 12:0 a.m. | 3 views

EPSON Printers Uncontrolled Search Path Element (CVE-2020-6091)

An exploitable authentication bypass vulnerability exists in the EPSON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an...

CVSS 9.8 | AI score 8.4 | EPSS 0.00351
Exploits: 0 | References: 3

OSV
added 2026/01/29 8:16 p.m. | 1 view

CVE-2025-63658

A stack overflow in the mk_http_index_lookup function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server...

CVSS 7.5 | AI score 5.6
Exploits: 0 | References: 2

OSV
added 2026/01/29 8:16 p.m. | 0 views

AZL-76380 CVE-2025-63655 affecting package fluent-bit 3.0.6-6

A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server...

CVSS 7.5 | AI score 5.8 | EPSS 0.01291
Exploits: 1 | References: 1

NVD
added 2026/01/29 8:16 p.m. | 3 views

CVE-2025-63652

A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server...

CVSS 7.5 | EPSS 0.01314
Exploits: 1 | References: 2

Positive Technologies
added 2026/01/29 12:0 a.m. | 1 view

PT-2026-5344

A stack overflow in the mk_http_index_lookup function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server...

AI score 6 | EPSS 0.0041
Exploits: 1 | References: 3

ATTACKERKB
added 2026/01/29 12:0 a.m. | 2 views

CVE-2025-63656

An out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server...

AI score 5.9 | EPSS 0.01314
Exploits: 1 | References: 3

CNNVD
added 2026/01/27 12:0 a.m. | 2 views

TP-Link Tapo C220 and TP-Link Tapo C520WS have security vulnerabilities

Both the TP-Link Tapo C220 and TP-Link Tapo C520WS are WiFi cameras produced by the Chinese company TP-Link. There are security vulnerabilities in the TP-Link Tapo C220 v1 version and the TP-Link Tapo C520WS v2 version. These vulnerabilities stem from the HTTP parser’s improper handling of reques...

CVSS 7.5 | AI score 5.8 | EPSS 0.0029
Exploits: 0 | References: 6

Tenable Nessus
added 2026/01/24 12:0 a.m. | 2 views

SUSE SLED15 / SLES15 Security Update : python-tornado (SUSE-SU-2026:0222-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0222-1 advisory. - CVE-2025-67725: inefficient algorithm when parsing parameters for HTTP header values (bsc#1254905). -...

CVSS 7.5 | AI score 5.6 | EPSS 0.00212
Exploits: 0 | References: 7

Vulnrichment
added 2026/01/22 12:0 a.m. | 4 views

CVE-2025-56589

A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or...

AI score 5.9 | EPSS 0.00074
Exploits: 1 | References: 2

NVD
added 2026/01/21 6:16 p.m. | 3 views

CVE-2021-47850

Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directories such as C:\Users\Public by manipulating...

CVSS 8.7 | EPSS 0.0034
Exploits: 1 | References: 3

CVE
added 2026/01/21 5:27 p.m. | 8 views

CVE-2021-47850

Mini Mouse 9.2.0 is affected by a path-traversal vulnerability that allows remote exploitation via crafted HTTP requests to manipulate file and path parameters, enabling access to arbitrary system files (e.g., win.ini) and directory listings (e.g., C:\Users\Public). The issue is documented across...

CVSS 8.7 | AI score 5.7 | EPSS 0.0034
Exploits: 1 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/01/21 12:0 a.m. | 5 views

PT-2026-3785

Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager versions prior to 12.5 fixed release, 14SU5, and 15SU4; Cisco Unified Communications Manager Session Management Edition versions prior to 12.5 fixed release, 14SU5, and 15SU4; Cisco Unified Communications...

CVSS 10 | AI score 6.3 | EPSS 0.03706
Exploits: 1 | References: 192

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 9 : skopeo-1.13.3-4.el9_3 (AXSA:2024-7582:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7582:01 advisory. golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) Tenable has extracted the preceding description...

CVSS 5.3 | AI score 7.5 | EPSS 0.00123
Exploits: 0 | References: 2

ATTACKERKB
added 2026/01/16 8:10 p.m. | 15 views

CVE-2026-23744

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam...

CVSS 9.8 | AI score 6.5 | EPSS 0.30368
Exploits: 27 | References: 3 | Affected Software: 1

Snyk
added 2026/01/16 9:31 a.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the validate input size of hashtags in HTTP requests. An attacker can exhaust CPU resources by submitting a single HTTP request containing a post with thousands of space-separated...

CVSS 6.5 | AI score 5.5 | EPSS 0.00024
Exploits: 0 | References: 2

OSV
added 2026/01/15 4:16 p.m. | 0 views

CVE-2021-47752

AWebServer GhostBuilding 18 contains a denial of service vulnerability that allows remote attackers to overwhelm the server by sending multiple concurrent HTTP requests. Attackers can generate high-volume requests to multiple endpoints including /mysqladmin to potentially crash or render the...

CVSS 8.7 | AI score 5.8 | EPSS 0.0044
Exploits: 1 | References: 3

OSV
added 2026/01/14 4:49 p.m. | 1 view

CVE-2026-22779 BlackSheep ClientSession is vulnerable to CRLF injection

BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new...

CVSS 6.3 | AI score 6.5 | EPSS 0.00052
Exploits: 0 | References: 5

Vulnrichment
added 2026/01/14 2:40 p.m. | 2 views

CVE-2026-22239 Email Sending Vulnerability in BLUVOYIX

The vulnerability exists in BLUVOYIX due to design flaws in the email sending API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable email sending API. Successful exploitation of this vulnerability could allow the...

CVSS 10 | AI score 6.6 | EPSS 0.00132
Exploits: 0 | References: 1

CVE
added 2026/01/13 4:32 p.m. | 21 views

CVE-2025-47855

CVE-2025-47855 affects Fortinet FortiFone: versions 3.0.13–3.0.23 and 7.0.0–7.0.1 are vulnerable to an unauthenticated information disclosure via crafted HTTP/HTTPS requests (CWE-200). The vulnerability allows retrieval of device configuration. Remediation stated in sources: upgrade to FortiFone ...

CVSS 9.8 | AI score 6.3 | EPSS 0.01193
Exploits: 0 | References: 1

Cvelist
added 2026/01/13 4:32 p.m. | 17 views

CVE-2025-58693

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPS requests...

CVSS 6.5 | EPSS 0.00219
Exploits: 0 | References: 1