CVE-2025-21512

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

CVE-2024-21169

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite component: Partners. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks o...

CVE-2024-21150

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.8.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

CVE-2024-20940

Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite component: Create, Update, Authoring Flow. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...

CVE-2024-21188

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications component: Chatbot. Supported versions that are affected are 6.0.0.0.0 and 6.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

CVE-2023-47209

A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to...

Node.js < 20.19.2 HTTP Request Smuggling Vulnerability - Windows

Node.js is prone to an HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...

Node.js < 20.19.2 HTTP Request Smuggling Vulnerability - Mac OS X

Node.js is prone to an HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...

CVE-2022-27934

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP...

CVE-2021-42697

Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...

CVE-2021-2463

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce component: Dynamo Application Framework. Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2021-2311

Vulnerability in the Oracle Hospitality Inventory Management product of Oracle Food and Beverage Applications component: Export to Reporting and Analytics. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP...

CVE-2020-14840

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: Diagnostics. Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...

CVE-2020-5758

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API...

CVE-2020-14659

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite component: Preferences. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM...

CVE-2020-35669

An issue was discovered in the http package through 0.12.2 for Dart. If the attacker controls the HTTP method and the app is using Request directly, it's possible to achieve CRLF injection in an HTTP request...

CVE-2020-14897

Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications component: Pre Login. Supported versions that are affected are 12.0.1, 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

CVE-2015-9546

An issue was discovered on Samsung mobile devices with KK4.4 and later software through 2015-06-16. In some cases, HTTP is used for an Inputmethod, rather than HTTPS. A man-in-the-middle attacker can modify the client-server data stream to insert directory traversal sequences into an extracted fi...

CVE-2019-2647

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS - Web Services. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2018-5354

The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. When the client is configured to use HTTP, it does not authenticate the intended server before opening a browser window. An unauthenticated...