CVE-2026-48135 HTTP service can incorrectly process malformed HTTP requests

A Check Point HTTP-based service can incorrectly handle malformed HTTP requests. The issue is related to HTTP request parsing and validation...

ctf-writeups-Doli1

🛡️ Doli 1 — CTF Writeup VulnHub VAPT Report For...

CVE-2026-34124

TP-Link Tapo C520WS v2.6 contains a DoS in HTTP path parsing: the raw request path length is restricted but path expansion during normalization is not accounted for, enabling adjacent-network attackers to craft requests that may cause buffer overflow and memory corruption, potentially interruptin...

CVE-2026-34124 Denial of Service via Path Expansion Overflow in HTTP Service in TP-Link Tapo C520WS

A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent...

EUVD-2025-208321

A denial-of-service DoS vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. This results in temporary service unavailability until the device is rebooted. This issue affects Omada EAP610...

CVE-2025-7375

A denial-of-service DoS vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. This results in temporary service unavailability until the device is rebooted. This issue affects Omada EAP610...

CVE-2025-7375

Omada EAP610 (v3) is affected by an unauthenticated DoS that can be triggered by crafting HTTP requests from an adjacent network, causing the device’s HTTP service to crash and resulting in temporary unavailability until reboot. Affected firmware versions are prior to 1.6.0. The CVSS 4.0 base met...

CVE-2026-0918

CVE-2026-0918 affects TP-Link Tapo C220 v1 and C520WS v2 cameras. The HTTP service mishandles POST requests with an excessively large Content-Length header, causing a failed memory allocation and a NULL pointer dereference that crashes the main process. This allows an unauthenticated attacker to ...

CVE-2023-31728

Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface...

CVE-2025-66723

inMusic Brands Engine DJ before 4.3.4 suffers from Insecure Permissions due to exposed HTTP service in the Remote Library, which allows attackers to access all files and network paths...

PT-2025-54227

Name of the Vulnerable Software and Affected Versions inMusic Brands Engine DJ version 4.3.0 Description Engine DJ version 4.3.0 is affected by an issue with insecure permissions. An exposed HTTP service within the Remote Library feature allows attackers to access all files and network paths...

CVE-2025-14636

A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function imagecheck of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the...

PT-2025-47020

Name of the Vulnerable Software and Affected Versions Denver SHO-110 IP cameras affected versions not specified Description Denver SHO-110 IP cameras have a secondary HTTP service accessible on TCP port 8001. This service provides access to the /snapshot endpoint without requiring authentication...

FiberHome AN5506-04-F和FiberHome HG6245D 安全漏洞

FiberHome AN5506-04-F and FiberHome HG6245D are both routers from FiberHome, a Chinese company. A security vulnerability exists in the FiberHome AN5506-04-F and FiberHome HG6245D that stems from a stack buffer overflow issue in the HTTP service, which could lead to a crash or perform flow control...

PT-2025-46729

Name of the Vulnerable Software and Affected Versions FiberHome AN5506-04-FA firmware versions up to and including RP2631 FiberHome HG6245D versions prior to RP2602 Description The HTTP service 'webs' does not properly limit the size of Cookie header values, resulting in a stack-based buffer...

CVE-2025-34501 Shuffle Master Deck Mate 2 Hard-coded Credentials & Exposed Services

Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services SSH, HTTP, Telnet, SMB, X11 are enabled by default. If an attacker can reach these interfaces - most often through local or near-local access such as...

PT-2025-44802

Name of the Vulnerable Software and Affected Versions Deck Mate 2 affected versions not specified Description Deck Mate 2 is shipped with pre-set, unchanging credentials for both the root shell and the web user interface. Multiple management services, including SSH, HTTP, Telnet, SMB, and X11, ar...

Exploit for Authentication Bypass by Primary Weakness in Crushftp

The-Challenge-Soulmate- The "Soulmate" machine from HackTheBox...

EUVD-2020-12499

Malware in sbrugna...

EUVD-2007-0023

Malware in sbrugna...