16589 matches found

Vulnrichment
added 2025/07/16 7:11 a.m. · 3 views

CVE-2025-7673

A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP...

CVSS 9.8 · AI score 7.9 · EPSS 0.00545
Exploits: 0 · References: 1
CVE
added 2025/07/16 7:11 a.m. · 31 views

CVE-2025-7673

CVE-2025-7673 affects Zyxel VMG8825-T50K with firmware versions prior to V5.50(ABOM.5)C0. A buffer overflow in the URL parser of the zhttpd web server could be triggered by a specially crafted HTTP request, allowing an unauthenticated attacker to cause a denial-of-service condition and potentiall...

CVSS 9.8 · AI score 8 · EPSS 0.00545
In wild · Exploits: 0 · References: 1 · Affected Software: 1
Exploit DB
added 2025/07/16 12:0 a.m. · 311 views

NodeJS 24.x - Path Traversal

Exploit Title : NodeJS 24.x - Path Traversal Exploit Author : Abdualhadi khalifa CVE : CVE-2025-27210 import argparse import requests import urllib.parse import json import sys def exploitpathtraversalprecisetargeturl: str, targetfile: str, method: str - dict: traversesequence = "..\" 6...

CVSS 7.5 · AI score 5.7 · EPSS 0.09752
Exploits: 5
GithubExploit
added 2025/07/15 5:51 p.m. · 283 views

Exploit for CVE-2025-23167

CVE-2025-23167 – Node.js HTTP Request Smuggling Exploit Worki...

CVSS 6.5 · AI score 7 · EPSS 0.00466
Exploits: 1
Vulnrichment
added 2025/07/14 8:17 p.m. · 4 views

CVE-2025-53643 AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed i.e. without the...

CVSS 6.3 · AI score 6.5 · EPSS 0.00297
Exploits: 0 · References: 2
Cvelist
added 2025/07/14 8:17 p.m. · 7 views

CVE-2025-53643 AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed i.e. without the...

CVSS 6.3 · EPSS 0.00297
Exploits: 0 · References: 2
CVE
added 2025/07/14 8:17 p.m. · 118 views

CVE-2025-53643

CVE-2025-53643 (aiohttp) : Prior to 3.12.14, the Python parser is vulnerable to HTTP request smuggling due to not parsing trailer sections. If a pure-Python build (no C extensions) or AIOHTTP_NO_EXTENSIONS is used, an attacker may smuggle requests to bypass certain firewalls/proxy protections. Th...

CVSS 7.5 · AI score 7.3 · EPSS 0.00297
Exploits: 0 · References: 2 · Affected Software: 1
Github Security Blog
added 2025/07/14 7:33 p.m. · 7 views

AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections

Summary: The Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. Impact: If a pure Python version of aiohttp is installed i.e. without the usual C extensions or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execu...

CVSS 7.5 · AI score 6.6 · EPSS 0.00297
Exploits: 0 · References: 4 · Affected Software: 1
Snyk
added 2025/07/14 7:33 p.m. · 2 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via incorrect parsing of the trailer section in HTTP requests. An attacker can bypass firewall or proxy protections by crafting specially formed HTTP requests. Note: This is exploitable if the pure Python version ...

CVSS 8.2 · AI score 7 · EPSS 0.00297
Exploits: 0 · References: 2
OSV
added 2025/07/14 1:15 p.m. · 3 views

CVE-2025-7603

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. Affected is an unknown function of the file /jingx.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploi...

CVSS 8.6 · AI score 6.1 · EPSS 0.00885
Exploits: 1 · References: 5
NVD
added 2025/07/14 12:15 p.m. · 5 views

CVE-2025-7602

A vulnerability was found in D-Link DI-8100 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /arp_sys.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has...

CVSS 8.6 · EPSS 0.00885
Exploits: 1 · References: 5
CVE
added 2025/07/14 12:14 p.m. · 31 views

CVE-2025-7603

CVE-2025-7603 affects D-Link DI-8100 (firmware 16.07.26A1). The vulnerability is in the HTTP Request Handler’s /jingx.asp file, where an input size/length validation failure leads to a stack-based buffer overflow. This enables remote exploitation with potential arbitrary code execution or denial ...

CVSS 8.6 · AI score 7.2 · EPSS 0.00885
Exploits: 1 · References: 5 · Affected Software: 1
Cvelist
added 2025/07/14 12:14 p.m. · 5 views

CVE-2025-7603 D-Link DI-8100 HTTP Request jingx.asp stack-based overflow

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. Affected is an unknown function of the file /jingx.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploi...

CVSS 8.6 · EPSS 0.00885
Exploits: 1 · References: 5
Vulnrichment
added 2025/07/14 12:14 p.m. · 4 views

CVE-2025-7603 D-Link DI-8100 HTTP Request jingx.asp stack-based overflow

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. Affected is an unknown function of the file /jingx.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploi...

CVSS 8.6 · AI score 7.3 · EPSS 0.00885
Exploits: 1 · References: 5
CVE
added 2025/07/14 12:2 p.m. · 26 views

CVE-2025-7602

CVE-2025-7602 affects D-Link DI-8100 (version 16.07.26A1). The vulnerability resides in the HTTP Request Handler’s processing of the /arp_sys.asp file and causes a stack-based buffer overflow. This can allow remote exploitation and has publicly disclosed exploit code. Multiple connected sources c...

CVSS 8.6 · AI score 7.2 · EPSS 0.00885
Exploits: 1 · References: 5 · Affected Software: 1
Cvelist
added 2025/07/14 12:2 p.m. · 6 views

CVE-2025-7602 D-Link DI-8100 HTTP Request arp_sys.asp stack-based overflow

A vulnerability was found in D-Link DI-8100 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /arp_sys.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has...

CVSS 8.6 · EPSS 0.00885
Exploits: 1 · References: 5
Vulnrichment
added 2025/07/14 12:2 p.m. · 3 views

CVE-2025-7602 D-Link DI-8100 HTTP Request arp_sys.asp stack-based overflow

A vulnerability was found in D-Link DI-8100 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /arp_sys.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has...

CVSS 8.6 · AI score 7.3 · EPSS 0.00885
Exploits: 1 · References: 5
CNNVD
added 2025/07/14 12:0 a.m. · 2 views

D-Link DI-8100 Security Vulnerability

The D-Link DI-8100 is a broadband router from D-Link designed for small to medium-sized network environments, supporting up to 4 Internet ports and 4 LAN ports for up to 80 simultaneous users. The D-Link DI-8100 suffers from a buffer overflow vulnerability that originates from the failure of the...

CVSS 8.6 · AI score 7.6 · EPSS 0.00885
Exploits: 1 · References: 6
Positive Technologies
added 2025/07/14 12:0 a.m. · 4 views

PT-2025-29979 · D Link · Di-8100

Name of the Vulnerable Software and Affected Versions: D-Link DI-8100 version 16.07.26A1 Description: A critical vulnerability exists in the D-Link DI-8100. The issue is related to unknown processing of the file /menu nat more.asp within the HTTP Request Handler component, leading to a stack-base...

CVSS 9 · AI score 8.6 · EPSS 0.03327
Exploits: 1 · References: 13
Hacker One
added 2025/07/13 1:42 p.m. · 24 views

curl: HTTP Request Smuggling Vulnerability Analysis - cURL Security Report

HTTP Request Smuggling Vulnerability Report - cURL Summary: cURL does not explicitly reject HTTP requests that contain both Transfer-Encoding and Content-Length headers, which can lead to HTTP request smuggling vulnerabilities (CWE-444) when the request passes through intermediary systems proxies,...

CVSS 7.5 · AI score 7.8 · EPSS 0.51798
Exploits: 0