5905 matches found
CVE-2025-58056
The CVE-2025-58056 vulnerability in Netty (affecting 4.1.124.Final and 4.2.0.Alpha3 through 4.2.4.Final) allows HTTP request smuggling: when parsing chunked request bodies, Netty accepts a bare LF as a chunk-size line terminator even though HTTP/1.1 requires CRLF. A reverse proxy in front of Netty that does enforce CRLF frames the same bytes differently, so an attacker can send...
SUSE CVE-2025-55763
Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 latest allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered during request processing and may allow an attacker to corrupt heap memory, potentially leading to denial of...
UBUNTU-CVE-2025-55763
Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 latest allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered during request processing and may allow an attacker to corrupt heap memory, potentially leading to denial of...
Server-side Request Forgery (SSRF)
Overview johnbillion/wp-crontrol is a package that allows you to take control of the cron events on your WordPress website. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the wp_remote_request function. An attacker can send arbitrary HTTP requests from the...
PT-2025-33093 · Unknown · Rabidhamster
Name of the Vulnerable Software and Affected Versions: RabidHamster R4 version 1.25 Description: RabidHamster R4 version 1.25 contains a stack-based buffer overflow due to the unsafe use of sprintf when logging malformed HTTP requests. A remote attacker can exploit this issue by sending a specially...
Regular Expression Denial of Service (ReDoS)
Overview @oakserver/oak is a middleware framework for handling HTTP requests. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the x-forwarded-proto or x-forwarded-for headers. An attacker can cause significant performance degradation by sending...
CVE-2025-8748 OS command injection in MiR robots and MiR fleet via crafted HTTP requests
MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A malicious HTTP request crafted by an authenticated user could allow the execution of arbitrary commands on the underlying operating system...
CVE-2025-51058
Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api_vedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter...
An out-of-bounds memory access vulnerability in the FortiOS operating system allows attackers to execute arbitrary code or commands.
The vulnerability in the FortiOS operating system is caused by memory operations that read or write outside the bounds of a buffer. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or commands by sending specially crafted HTTP requests...
CVE-2025-23311
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, or data tampering...
ROS-20250806-01
The Squid proxy server vulnerability is a heap-based buffer overflow when processing URN headers. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by sending specially crafted HTTP...
CVE-2025-51058
The CVE-2025-51058 issue affects Bottinelli Informatical Vedo Suite 2024.17. The vulnerability is a Server-Side Request Forgery (SSRF) in the /api_vedo/video/preview endpoint, where an authenticated remote attacker can cause HTTP requests to arbitrary remote paths by supplying a file URL paramete...
CLSA-2025-1754412086 nodejs: Fix of CVE-2024-22019
CVE-2024-22019: fix resource exhaustion and DoS vulnerability by limiting number of bytes read from a single connection when handling HTTP requests with chunked encoding...
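Two of the entries above (the Netty CVE-2025-58056 chunk-size terminator issue and the Node.js CVE-2024-22019 chunked-encoding resource exhaustion) concern the same part of HTTP/1.1: the chunk-size line. The following decoder is an added example, written for this page and not taken from Netty, Node.js or any other project listed here. Its `strict_crlf` switch models a parser that requires CRLF against one that also accepts a bare LF, and its `max_line_len` cap (the value 16384 is an assumption for the demo, not a figure from either advisory) models a bound on how many bytes a single chunk-size line may consume before the connection is rejected instead of buffered further. All request bodies used below are constructed for the demo.

```python
"""Added example: HTTP/1.1 chunked-body decoder with a strict/lenient
chunk-size terminator switch and a per-line byte cap.

Two decoders that disagree on where a chunk-size line ends disagree on
where the whole message ends; that disagreement is the request-smuggling
primitive.  A line-length cap keeps a client from feeding an endless
chunk extension that the server would otherwise keep buffering.
"""
import re

CRLF = b"\r\n"
HEX = re.compile(rb"[0-9A-Fa-f]{1,16}")


class ChunkError(ValueError):
    """Malformed chunked body, or a configured limit was exceeded."""


class Incomplete(ChunkError):
    """More bytes are needed before the message can be framed."""


def _read_line(buf, pos, strict_crlf, max_line_len):
    """Return (line_without_terminator, position_after_terminator)."""
    if strict_crlf:
        end = buf.find(CRLF, pos)   # RFC 9112: chunk-size line ends in CRLF
        term = 2
    else:
        end = buf.find(b"\n", pos)  # lenient: a bare LF also ends the line
        term = 1
    if end == -1:
        # No terminator yet: keep waiting only while the line is within budget.
        if len(buf) - pos > max_line_len:
            raise ChunkError("chunk-size line exceeds %d bytes" % max_line_len)
        raise Incomplete("chunk-size line not terminated")
    if end - pos > max_line_len:
        raise ChunkError("chunk-size line exceeds %d bytes" % max_line_len)
    line = buf[pos:end]
    if not strict_crlf and line.endswith(b"\r"):
        line = line[:-1]            # lenient mode: tolerate CRLF too
    return line, end + term


def decode_chunked(buf, *, strict_crlf=True, max_line_len=16384):
    """Decode a complete chunked body; return (payload, bytes_consumed)."""
    out = bytearray()
    pos = 0
    while True:
        line, pos = _read_line(buf, pos, strict_crlf, max_line_len)
        size_str = line.split(b";", 1)[0].strip(b" \t")  # drop chunk-ext
        if not HEX.fullmatch(size_str):
            raise ChunkError("bad chunk size %r" % size_str)
        size = int(size_str, 16)
        if size == 0:
            # last-chunk: skip trailer lines up to the empty line
            while True:
                line, pos = _read_line(buf, pos, strict_crlf, max_line_len)
                if line == b"":
                    return bytes(out), pos
        if len(buf) - pos < size + 2:
            raise Incomplete("chunk data truncated")
        out += buf[pos:pos + size]
        pos += size
        if buf[pos:pos + 2] != CRLF:
            raise ChunkError("chunk data not followed by CRLF")
        pos += 2


def classify(buf, **kw):
    """Summarise how a decoder frames buf: complete / incomplete / rejected."""
    try:
        payload, used = decode_chunked(buf, **kw)
        return ("complete", payload, used)
    except Incomplete:
        return ("incomplete", None, None)
    except ChunkError:
        return ("rejected", None, None)


def compare_framings(buf):
    """Run a strict and a lenient decoder over the same bytes."""
    return {"strict": classify(buf, strict_crlf=True),
            "lenient": classify(buf, strict_crlf=False)}


if __name__ == "__main__":
    # Constructed body: the LF inside the chunk extension is a terminator
    # for the lenient side and ordinary extension bytes for the strict side.
    desync = b"5;x\nAAAAA\r\n0\r\n\r\n"
    for side, verdict in compare_framings(desync).items():
        print(side, verdict)
    # Constructed flood: a chunk extension that never ends.
    print(classify(b"1;" + b"x" * 20000, max_line_len=16384))
```

On the constructed `desync` body the lenient decoder reports a complete 5-byte message, while the strict decoder is still waiting for more chunk data; whatever the client sends next is the tail of this request to one side and the start of a new request to the other. The flood body is rejected once the unterminated line passes the cap, rather than being buffered indefinitely.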
CVE-2025-54381 BentoML is Vulnerable to an SSRF Attack Through File Upload Processing
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP...
GHSA-MRMQ-3Q62-6CC8 BentoML SSRF Vulnerability in File Upload Processing
Description There's an SSRF in the file upload processing system that allows remote attackers to make arbitrary HTTP requests from the server without authentication. The vulnerability exists in the serialization/deserialization handlers for multipart form data and JSON requests, which automatical...
CVE-2025-25214
A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A series of specially crafted HTTP requests can lead to arbitrary code execution...
Cisco Unified Intelligence Center SSRF (cisco-sa-cuis-ssrf-JSuDjeV)
The version of Cisco Unified Intelligence Center installed on the remote host is prior to the tested version. It is, therefore, affected by a server-side request forgery vulnerability as referenced in the cisco-sa-cuis-ssrf-JSuDjeV advisory: - A vulnerability in the web-based management interface of...