61 matches found
CVE-2026-31870
A flaw was found in cpp-httplib. A remote attacker, acting as a malicious server or through a man-in-the-middle position, can send a specially crafted HTTP response with a malformed Content-Length header. This lack of input validation and exception handling causes the client application to crash,...
CVE-2026-31870 cpp-httplib Affected by Remote Process Crash via Malformed Content-Length Response Header
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the streaming API (httplib::stream::Get, httplib::stream::Post, etc.), the library calls std::stoull directly on the Content-Length header value received from the server...
CVE-2026-27942
A flaw was found in fast-xml-parser. A user can exploit this flaw by processing specially crafted XML data with the XML builder when the preserveOrder option is enabled. This can lead to a stack overflow, causing the application to crash and resulting in a Denial of Service (DoS). Mitigation To...
MiracleLinux 4 : firefox-52.3.0-3.0.1.AXS4 (AXSA:2017-2206:04)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2017-2206:04 advisory. Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or,...
MiracleLinux 4 : firefox-52.5.0-1.0.1.AXS4 (AXSA:2017-2420:06)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2017-2420:06 advisory. Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or,...
CVE-2025-66497
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruptio...
CVE-2025-66496
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruptio...
CVE-2025-66498 Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing U3D data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruptio...
EUVD-2025-204464
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruptio...
PT-2025-52425
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruptio...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the api.ParseJSONRequest or api.getContentType functions. An attacker can cause excessive memory consumption by sending requests with either an excessively long OID containing man...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the api.ParseJSONRequest or api.getContentType functions. An attacker can cause excessive memory consumption by sending requests with either an excessively long OID containing man...
CVE-2025-41706 Phoenix Contact: Webserver Denial of Service through Malformed Content-Length
The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to trigger the issue without affecting the core functionality...
CVE-2025-58767 REXML has a DoS condition when parsing malformed XML file
REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXML gem 3.4.2 or later includes the patches to fix these...
Use of Uninitialized Resource
Overview helm.sh/helm/pkg/chartutil is a package that contains tools for working with charts. Affected versions of this package are vulnerable to Use of Uninitialized Resource via improper validation when parsing Chart.yaml and index.yaml files. An attacker can cause a panic in the application by...
webkitgtk: processing maliciously crafted web content may lead to arbitrary code execution
A flaw was found in webkitgtk. The vulnerability occurs due to improper input validation, leading to an out-of-bounds write. This flaw allows an attacker with network access to pass specially crafted web content files, causing arbitrary code execution...
CVE-2023-0587
A file upload vulnerability exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory...
CVE-2021-20101
Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content...
CVE-2002-1881
Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave .SWF file, as demonstrated by ROT13 encoding the body of the file but not the headers...
USN-7490-1 libsoup2.4 vulnerabilities
Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service. CVE-2025-32906 Alon Zahavi discovered that libsoup incorrectly parse...