Security Bulletin: Rational Performance Tester contains vulnerabilities related to the Netty framework

Summary Due to the use of Netty, Rational Performance Tester contains vulnerabilities that could allow HTTP request smuggling or a denial of service attack. CVE-2025-58056, CVE-2025-58057 Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network...

curl: HTTP Request Smuggling and SSRF via CRLF Injection in Curl_add_custom_headers

Summary: A lack of CRLF validation in Curladdcustomheaders at lib/http.c:1761 allows users to inject arbitrary HTTP headers. This violation of RFC 7230 §3.2.4 leads to HTTP Request Smuggling and potential SSRF bypass. AI Disclosure: I utilized an AI assistant to aid in the initial code analysis a...

Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2025-873)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-873 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode...

PT-2026-5660

Name of the Vulnerable Software and Affected Versions SoupServer affected versions not specified Description A flaw exists in SoupServer related to improper handling of HTTP requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. This can lead to an HTTP request...

PT-2026-1149

CVE-2025-22185 - Apache Tomcat HTTP Request Smuggling CVE ID : CVE-2025-22185 Published : Jan. 1, 2026, 1:15 a.m. | 3 hours, 5 minutes ago Description : Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. Severity: 0.0 | NA Visit...

CVE-2025-15178

A vulnerability was found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/VirtualSer of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit has be...

CVE-2025-15180

A vulnerability was identified in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/webExcptypemanFilte of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The...

CVE-2025-15180 Tenda WH450 HTTP Request webExcptypemanFilte stack-based overflow

A vulnerability was identified in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/webExcptypemanFilte of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The...

Security Bulletin: Vulnerability in Netty affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

EUVD-2025-205562

A vulnerability was found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/VirtualSer of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit has be...

CVE-2025-15178

CVE-2025-15178 affects Tenda WH450 v1.0.0.18, with a stack-based buffer overflow in the HTTP Request Handler triggered by manipulating the page parameter of /goform/VirtualSer. The vulnerability can be exploited remotely and public PoCs exist. Connected sources (Red Hat, NVD, CVE List, CVSS metri...

CVE-2025-15177

A vulnerability has been found in Tenda WH450 1.0.0.18. This vulnerability affects unknown code of the file /goform/SetIpBind of the component HTTP Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has be...

EUVD-2025-205565

A vulnerability has been found in Tenda WH450 1.0.0.18. This vulnerability affects unknown code of the file /goform/SetIpBind of the component HTTP Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has be...

CVE-2025-15048

A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely. The exploit has bee...

CVE-2025-15046

A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation of the argument netmsk leads to stack-based buffer overflow. It is possible to launch the attack remotely. Th...

CVE-2025-8769

CVE-2025-8769 affects MegaSys/Megasys’ Telenium Online Web Application. The vulnerability arises from a Perl script used to load the login page with improper input validation, allowing an attacker to inject arbitrary Perl code through a crafted HTTP request and achieve remote code execution on th...

EUVD-2025-204979

A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation of the argument netmsk leads to stack-based buffer overflow. It is possible to launch the attack remotely. Th...

📄 Varnish / Styx HTTP Request Smuggling

Proof of concept exploit that demonstrates an HTTP request smuggling vulnerability between Varnish and Styx / Nginx. ============================================================================================================================================= | Title : HTTP Request Smuggling TE.CL...

PT-2025-53325

Name of the Vulnerable Software and Affected Versions V-SOL GPON/EPON OLT Platform version 2.03 Description The software contains an information disclosure issue that allows unauthorized access to configuration files. Attackers can obtain sensitive configuration data by sending HTTP GET requests ...

CVE-2025-15048

CVE-2025-15048 affects Tenda WH450 (v1.0.0.18). The vulnerability is in the HTTP Request Handler’s /goform/CheckTools, where tampering with the ipaddress argument enables remote command injection. Exploitation has been publicly disclosed and PoC/materials exist in multiple references; impact is d...