5905 matches found
CVE-2002-2149
Buffer overflow in Lucent Access Point 300, 600, and 1500 Service Routers allows remote attackers to cause a denial of service (reboot) via a long HTTP request to the administrative interface...
CVE-2002-1994
advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 allows remote attackers to cause a denial of service via multiple HTTP requests containing a single carriage return/line feed (CRLF) sequence...
CVE-2025-20113 Cisco Unified Intelligence Center Privilege Escalation Vulnerability
A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HT...
Open Redirect
Flask-AppBuilder is vulnerable to Open Redirect. The vulnerability is due to improper validation of redirect targets due to trusting the Host header in HTTP requests without verifying it against a safe list of domains...
CVE-2025-44084
D-Link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerability by crafting specific HTTP requests, triggering the command execution flaw and gaining the highest privilege shell access to the firmware system...
PT-2025-22244 · D Link · D-Link Di-8100
Name of the Vulnerable Software and Affected Versions: D-Link DI-8100 version 16.07.26A1. Description: The issue allows an attacker to exploit a Command Injection flaw by crafting specific HTTP requests. This triggers the command execution flaw and can provide the attacker with the highest privile...
CVE-2025-4600
A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after ...
SUSE CVE-2025-47905
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries...
PT-2025-21652 · Google · Google Cloud Classic Application Load Balancer
Name of the Vulnerable Software and Affected Versions: Google Cloud Classic Application Load Balancer versions prior to 2025-04-26. Description: A request smuggling issue existed due to improper handling of chunked-encoded HTTP requests, allowing attackers to craft requests that could be...
CVE-2025-47905
A vulnerability was found in Varnish Cache. This vulnerability may allow request smuggling attacks, where a malicious actor can craft seemingly legitimate HTTP requests. This issue could result in an unspecified system caching incorrect content that can expose confidential information. Mitigation...
Ruby RACK < 2.2.14 / 3.0.16 / 3.1.14 DoS vulnerability
The version of the RACK Ruby library installed on the remote host is prior to 2.2.14 / 3.0.16 / 3.1.14. It is, therefore, affected by a DoS vulnerability where an attacker can trigger denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin CPU...
Security Bulletin: Vulnerability in aiohttp affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary: A potential vulnerability in aiohttp has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerabili...
Vulnerabilities in the FortiVoice corporate telephony software's web interface, the FortiMail email protection system, the Fortinet FortiNDR software-defined intrusion detection and prevention system, the FortiRecorder video surveillance device's firmware, and the FortiCamera video surveillance system allow an attacker to execute arbitrary code.
Vulnerabilities in the FortiVoice corporate telephony software's web interface, the FortiMail email protection system, the Fortinet FortiNDR software-defined intrusion detection and prevention system, the FortiRecorder video surveillance device's firmware, and the FortiCamera video...
Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability
Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests...
CVE-2025-46721 nosurf vulnerable to CSRF due to non-functional same-origin request checks
nosurf is cross-site request forgery (CSRF) protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of the target site (either via XSS, or otherwise) to bypass CSRF checks and issue requests on user's behal...
CVE-2025-32756
A stack-based buffer overflow vulnerability (CWE-121) in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8,...
CVE-2025-32756
Fortinet CVE-2025-32756 is a stack-based buffer overflow affecting FortiCamera, FortiMail, FortiNDR, FortiRecorder, FortiVoice (various versions). The root cause is improper bounds checking in processing of the enc parameter (hash AuthHash cookie) sent via HTTP to /remote/hostcheck_validate, enab...