16584 matches found
CVE-2018-25221 EChat Server 3.1 Buffer Overflow via chat.ghp username Parameter
EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets...
HTTP Request Smuggling
Overview io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to HTTP Request Smuggling via the proxy server. An attacker can gain unauthorized access or manipulate web requests by sending specially crafted header block...
GHSA-3GV6-G396-9V4R Undertow is Vulnerable to HTTP Request/Response Smuggling
A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...
CVE-2021-27113
An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters...
CVE-2021-27715
An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP request...
CVE-2026-4742
Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in visualfc liteide liteidex/src/3rdparty/qjsonrpc/src/http-parser modules. This vulnerability is associated with program files httpparser.C. This issue affects liteide: before x38.4...
CVE-2026-23941
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...
CVE-2026-29969
A cross-site scripting XSS vulnerability in the wffcolspref.css.aspx endpoint of staffwiki v7.0.1.19219 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted HTTP request...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in Node.js HTTP request handling. The flaw triggers when an incoming request includes a header named proto and the server application accesses req.headersDistinct. This causes dest"proto" to incorrectly resolve to...
CVE-2024-51348
A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmware 33.1.0.0818 allows unauthenticated attackers within network range to overwrite the instruction pointer and achieve Remote Code Execution RCE by sending a specially crafted HTTP request...
CVE-2024-51348
A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmware 33.1.0.0818 allows unauthenticated attackers within network range to overwrite the instruction pointer and achieve Remote Code Execution RCE by sending a specially crafted HTTP request...
EUVD-2026-14701
Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in visualfc liteide liteidex/src/3rdparty/qjsonrpc/src/http-parser modules. This vulnerability is associated with program files httpparser.C. This issue affects liteide: before x38.4...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
CVE-2026-4742 HTTP Request Smuggling in visualfc/liteide
Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in visualfc liteide liteidex/src/3rdparty/qjsonrpc/src/http-parser modules. This vulnerability is associated with program files httpparser.C. This issue affects liteide: before x38.4...
CVE-2026-4742
Concretely, CVE-2026-4742 affects visualfc/liteide prior to x38.4, with the vulnerability located in http_parser.C within liteidex/src/3rdparty/qjsonrpc/src/http-parser modules. The issue is described as an inconsistent interpretation of HTTP requests that enables HTTP Request/Response Smuggling....
CVE-2026-4742
Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in visualfc liteide liteidex/src/3rdparty/qjsonrpc/src/http-parser modules. This vulnerability is associated with program files httpparser.C. This issue affects liteide: before x38.4...
CVE-2026-4742 HTTP Request Smuggling in visualfc/liteide
Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in visualfc liteide liteidex/src/3rdparty/qjsonrpc/src/http-parser modules. This vulnerability is associated with program files httpparser.C. This issue affects liteide: before x38.4...
PT-2026-27319
Name of the Vulnerable Software and Affected Versions visualfc liteide versions prior to x38.4 Description An inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' exists in visualfc liteide within the http parser.C program files and the...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
PT-2026-31696
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.18, 10.1.0-M1 through 10.1.52, 9.0.0.M1 through 9.0.115, 8.5.0 through 8.5.100, and 7.0.0 through 7.0.109 Description An inconsistent interpretation of HTTP requests 'HTTP Request/Response Smugglin...