Cisco IOS Software Industrial Ethernet Switch Device Manager Privilege Escalation Vulnerability

A vulnerability in the Cisco Industrial Ethernet Switch Device Manager DM of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this...

USN-7490-3: libsoup vulnerabilities

USN-7490-1 fixed vulnerabilities in libsoup2.4. This update provides the corresponding updates for libsoup3. Original advisory details: Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a malicious...

BIT-MASTODON-2024-34535

In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header...

RockyLinux 8 : squid:4 (RLSA-2024:1375)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1375 advisory. squid: denial of service in HTTP header parser CVE-2024-25617 squid: Denial of Service in HTTP Chunked Decoding CVE-2024-25111 squid: denial of service i...

USN-7490-2: libsoup regression

USN-7490-1 fixed vulnerabilities in libsoup. It was discovered that the fix for CVE-2025-32912 was incomplete. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request...

USN-7490-1: libsoup vulnerabilities

Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service. CVE-2025-32906 Alon Zahavi discovered that libsoup incorrectly parse...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : libsoup vulnerabilities (USN-7490-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7490-1 advisory. Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP reques...

Security Bulletin: Vulnerability in gunicorn affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2024-1135].

Summary The gunicorn package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2024-1135. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the...

HTTP Request Smuggling

h11 is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper input validation in lenient parsing of line terminators in chunked transfer encoding, which can be exploited when combined with a misconfigured proxy...

libsoup: Out of bounds reads in soup_headers_parse_request()

A flaw was found in libsoup, where the soupheadersparserequest function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server...

Exploit for Deserialization of Untrusted Data in Bentoml

Setup for the vulnerable version. Start the vulnerable contai...

CVE-2025-24347

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the network configuration file via a crafted HTTP request...

CVE-2025-24349

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated lowprivileged attacker to delete the configuration of physical network interfaces via a crafted HTTP request...

CVE-2025-24351

A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request...

CVE-2025-24339

A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-the-Middle MitM, via a crafted HTTP request...

CVE-2025-40617

SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDTIPO", "IDPISTA" and "IDSOCIO" parameters in /bkgseleccionarhoraajax.php...

CVE-2025-40618

SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper handling of pywsgi Input.send100continue. An attacker could extract data or compromise data integrity by sending a request with an Expect: 100-continue header. Remediation Upgrade gevent to version...

Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities

Web Shell Client Description & Demo Wshlient is a web shell client designed to be pretty simple yet versatile. One just need to create a text file containing an HTTP request and inform where Wshlient inject the commands, then you can enjoy a shell. In the case the above video does not works for...

CVE-2025-24349

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated lowprivileged attacker to delete the configuration of physical network interfaces via a crafted HTTP request...