11629 matches found

Cvelist
added 2025/02/14 12:0 a.m., 11 views

CVE-2025-26819

Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections...

8.6 CVSS, 0.0051 EPSS
Exploits 0, References 1
CVE
added 2025/02/14 12:0 a.m., 80 views

CVE-2025-26819

CVE-2025-26819 affects Monero up to version 0.18.3.4, where the HTTP server did not enforce response limits on connections. The public description states the issue exists before the commit ec74ff4. The linked reference points to that commit as the fix. The attack surface is the HTTP server of Mon...

8.6 CVSS, 7 AI score, 0.0051 EPSS
Exploits 0, References 1, Affected Software 1
Debian CVE
added 2025/02/14 12:0 a.m., 5 views

CVE-2025-26819

Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections...

8.6 CVSS, 5.3 AI score, 0.0051 EPSS
Exploits 0
Tenable Nessus
added 2025/02/10 12:0 a.m., 24 views

Azure Linux 3.0 Security Update: httpd (CVE-2023-38709)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-38709 advisory. - Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to...

7.3 CVSS, 7.5 AI score, 0.03914 EPSS
Exploits 0, References 2
Tenable Nessus
added 2025/02/10 12:0 a.m., 20 views

Azure Linux 3.0 Security Update: httpd (CVE-2024-40725)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-40725 advisory. - A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy...

6.2 CVSS, 7 AI score, 0.04134 EPSS
Exploits 3, References 2
Tenable Nessus
added 2025/02/10 12:0 a.m., 8 views

Azure Linux 3.0 Security Update: httpd (CVE-2024-39884)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39884 advisory. - A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based...

6.2 CVSS, 7.1 AI score, 0.00889 EPSS
Exploits 0, References 2
RedhatCVE
added 2025/02/07 6:6 p.m., 6 views

CVE-2025-24963

Vitest is a testing framework powered by Vite. The screenshot-error handler on the browser mode HTTP server that responds any file on the file system. Especially if the server is exposed on the network by browser.api.host: true, an attacker can send a request to that handler from remote to get th...

5.9 CVSS, 7 AI score, 0.02291 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/02/07 9:45 a.m., 4 views

CVE-2024-10395

No proper validation of the length of user input in http_server_get_content_type_from_extension...

8.6 CVSS, 6.8 AI score, 0.00287 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/02/06 1:3 a.m., 9 views

CVE-2022-21593

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: OHS Config MBeans. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP...

7.1 CVSS, 6.7 AI score, 0.00631 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/02/05 9:1 p.m., 9 views

CVE-2022-46157

Akeneo PIM is an open source Product Information Management (PIM). Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions...

8.8 CVSS, 7.3 AI score, 0.01406 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/02/05 5:53 p.m., 10 views

CVE-2019-5054

An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 WNR2000v5 with Firmware Version V1.0.0.70 HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference,...

7.5 CVSS, 7 AI score, 0.0313 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/02/05 5:39 p.m., 5 views

CVE-2019-1904

A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacke...

8.8 CVSS, 7.6 AI score, 0.00974 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/02/05 4:54 p.m., 9 views

CVE-2020-25066

A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code...

10 CVSS, 8.1 AI score, 0.03348 EPSS
Exploits 0
RedhatCVE
added 2025/02/05 1:42 p.m., 8 views

CVE-2020-13583

A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...

8.6 CVSS, 6.6 AI score, 0.01881 EPSS
Exploits 1
RedhatCVE
added 2025/02/05 1:24 a.m., 9 views

CVE-2024-20436

A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a null pointer dereference when accessin...

8.6 CVSS, 7 AI score, 0.00866 EPSS
Exploits 0, References 1
NVD
added 2025/02/04 8:15 p.m., 14 views

CVE-2025-24963

Vitest is a testing framework powered by Vite. The screenshot-error handler on the browser mode HTTP server that responds any file on the file system. Especially if the server is exposed on the network by browser.api.host: true, an attacker can send a request to that handler from remote to get th...

7.5 CVSS, 0.02291 EPSS
Exploits 0, References 4
OSV
added 2025/02/04 7:36 p.m., 16 views

CVE-2025-24963 Browser mode serves arbitrary files in vitest

Vitest is a testing framework powered by Vite. The screenshot-error handler on the browser mode HTTP server that responds any file on the file system. Especially if the server is exposed on the network by browser.api.host: true, an attacker can send a request to that handler from remote to get th...

5.9 CVSS, 9 AI score, 0.02291 EPSS
Exploits 0, References 6
IBM Security Bulletins
added 2025/02/04 1:7 a.m., 34 views

Security Bulletin: Vulnerability with Eclipse Jetty, e2fsprogs, dnsjava, Apache Commons IO, Apache HTTP Server and Java SE affect IBM Cloud Object Storage Systems (Dec 2024)

Summary Vulnerability with Eclipse Jetty CVE-2024-9823, CVE-2024-6763, CVE-2024-8184, e2fsprogs CVE-2022-1304, dnsjava CVE-2024-25638, Apache Commons IO CVE-2024-47554, Apache HTTP Server CVE-2024-40725 and Java SE CVE-2024-21217, CVE-2024-21235, CVE-2024-21210. This vulnerability has been address...

8.9 CVSS, 8.4 AI score, 0.04134 EPSS
Exploits 4, Affected Software 1
Vulnrichment
added 2025/02/03 6:59 a.m., 7 views

CVE-2024-10395 net: lib: http_server: Buffer Under-read

No proper validation of the length of user input in http_server_get_content_type_from_extension...

8.6 CVSS, 6.9 AI score, 0.00287 EPSS
Exploits 0, References 1
CVE
added 2025/02/03 6:59 a.m., 49 views

CVE-2024-10395

CVE-2024-10395 affects Zephyr RTOS components (notably the http_server code path handling content-type inference) due to missing validation of input length in http_server_get_content_type_from_extension. Multiple connected sources describe a Buffer Under-read rooted in insufficient length checks,...

8.6 CVSS, 8.6 AI score, 0.00287 EPSS
Exploits 0, References 1, Affected Software 1