41 matches found
CVE-2026-32239
A flaw was found in the KJ-HTTP component of Cap’n Proto. When processing HTTP messages, a negative Content-Length value could be implicitly converted to an unsigned integer, resulting in an extremely large length value. An attacker could exploit this behavior by sending specially crafted HTTP...
Melon Security Vulnerability
Melon is a C-language code library developed by Niklaus Schen. Versions of Melon prior to 9df9292 contained security vulnerabilities. These vulnerabilities stemmed from the lack of a maximum length limit in the HTTP component, which could lead to denial-of-service attacks by consuming memory...
CVE-2025-71031
CVE-2025-71031 affects Water-Melon Melon prior to commit 9df9292. The HTTP component lacks a maximum header length, enabling a crafted header to exhaust RAM and cause a Denial of Service. CVSS v3.1 base score 7.5 (HIGH) with network access, low attack complexity, no privileges required, no user i...
PT-2025-35587
Name of the Vulnerable Software and Affected Versions: Tenda CP6 version 11.10.00.243 Description: A vulnerability exists in the function sub 2B7D04 of the uhttp component. Manipulation of this function can lead to a risky cryptographic algorithm. This attack can be launched remotely and is...
ALSA-2025:9147 Moderate: buildah security update
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...
PT-2025-22144
Name of the Vulnerable Software and Affected Versions: Netgear DGND3700 version 1.1.00.15 1.00.15NA Description: A vulnerability has been found in the mini http component, specifically affecting the /currentsetting.htm file, leading to information disclosure. The attack can be initiated remotely...
CVE-2025-31161
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka "Unauthenticated HTTPS port access." A race condition exists in the AWS4-HMAC compatible wi...
CVE-2025-29891 Apache Camel: Camel Message Header Injection through request parameters
Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases. This vulnerability is...
PT-2025-9733
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.24.1 and 1.23.7 Description: A security issue was found in the net/http component. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity
Cyberspace Mapping Dork Fofa app="JETBRAINS-TeamCity...
Stack overflow
A vulnerability was found in Tenda W6 1.0.0.94122. It has been rated as critical. Affected by this issue is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched...
CVE-2024-0717
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853,...
CVE-2024-0542
A vulnerability was found in Tenda W9 1.0.0.74456. It has been rated as critical. Affected by this issue is the function formWifiMacFilterGet of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has...
Stack overflow
A vulnerability, which was classified as critical, has been found in Tenda W9 1.0.0.74456. Affected by this issue is the function setWrlAccessList of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be launched remotely. The...
CVE-2023-46733: Possible session fixation
Affected versions: Symfony versions >=5.4.21, <5.4.31, and >=6.2.7, <6.3.8 of the Symfony Security HTTP component are affected by this security issue. The issue has been fixed in Symfony 5.4.31, 6.3.8. Description: SessionStrategyListener does not always migrate the session after a successful login. I...
CVE-2023-0613
A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /wireless/security.asp of the component httpd. The manipulation leads to memory corruption. The attack can be launched remotely. The...
Ariadne Component Library Code Issue Vulnerability
Ariadne Component Library is a set of url, http and xss components for Ariadne CMS open source. A code issue vulnerability exists in Ariadne Component Library version 2.x and prior versions. An attacker could exploit this vulnerability to perform server-side request forgery attacks...
Zend Zend\Mail / Zend\Http Component HTTP Response Splitting Vulnerability
Zend Framework is an open source framework for developing web programs and services with PHP. A security vulnerability in Zend Framework, which is used by the Zend Zend\Mail / Zend\Http component, could be exploited by remote attackers to conduct HTTP response splitting attacks...
Microsoft IIS4 Exair Sample Site Denial Of Service (CVE-1999-0449)
Microsoft Internet Information Services (IIS) is a multi-featured server product that ships with all versions of Microsoft Windows 2000, XP and Server 2003. The product provides FTP, SMTP, NNTP and HTTP services. The HTTP component, known as the WWW Publishing Service, allows for the serving of...
CVE-2008-7078
Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecifi...