HTTP Request Smuggling
Overview: Microsoft.AspNetCore.App.Runtime.osx-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of chunke...
HTTP Request Smuggling
Overview: Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation ...
HTTP Request Smuggling
Overview: Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of chunked HTTP requests. An attacker can bypass security restrictions and potentially access or manipulate sensitive data by sending specially crafted HTTP requests that exploit...
GHSA-5RRX-JJJQ-Q2R5 Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability
Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability. Executive summary: Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 10.0, ASP.NET Core 9.0, ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also...
CVE-2025-55315
Inconsistent interpretation of HTTP requests ('HTTP request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network...
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to multiple vulnerabilities in Netty (CVE-2025-58056, CVE-2025-58057)
Summary: Netty is used by IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) as part of the agent-server-relay communication system and is affected by CVE-2025-58056, CVE-2025-58057. Vulnerability Details: CVEID: CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framewo...
PT-2025-42010
Name of the Vulnerable Software and Affected Versions: ASP.NET Core versions 3.0 through 7.0, and Kestrel ≤ 2.3.0 Description: This vulnerability CVE-2025-55315 is a critical HTTP request smuggling flaw in ASP.NET Core's Kestrel web server. It arises from inconsistent interpretation of HTTP...
CVE-2025-11550
A vulnerability was found in Tenda W12 3.0.0.63948. The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from...
EUVD-2025-33411
A vulnerability was found in Tenda W12 3.0.0.63948. The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from...
EUVD-2025-33407
A vulnerability has been found in Tenda W12 3.0.0.63948. The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. The attack is possible to be carried out...
CVE-2025-11549
A vulnerability has been found in Tenda W12 3.0.0.63948. The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. The attack is possible to be carried out...
CVE-2025-11549
CVE-2025-11549 affects Tenda W12 firmware v3.0.0.6(3948). The vulnerability is in the HTTP Request Handler’s wifiMacFilterSet function (file /goform/modules); the mac argument can be manipulated to cause a stack-based buffer overflow. The issue can be exploited remotely, and public proof-of-conce...
CVE-2025-11418
A security vulnerability has been detected in Tenda CH22 up to 1.0.0.1. This issue affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP Request Handler. The manipulation of the argument mitssidindex leads to stack-based buffer overflow. The attack may be...
AlmaLinux 10 : podman (ALSA-2025:9146)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:9146 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871). Tenable has extracted the preceding description block directly fr...
AlmaLinux 10 : opentelemetry-collector (ALSA-2025:12850)
The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:12850 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871). Tenable has extracted the preceding description block directly...
AlmaLinux 10 : git-lfs (ALSA-2025:9063)
The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:9063 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871). Tenable has extracted the preceding description block directly fr...
CVE-2025-11444 TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow
A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launc...
CVE-2025-11418 Tenda CH22 HTTP Request AdvSetWrlsafeset formWrlsafeset stack-based overflow
A security vulnerability has been detected in Tenda CH22 up to 1.0.0.1. This issue affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP Request Handler. The manipulation of the argument mitssidindex leads to stack-based buffer overflow. The attack may be...