CVE-2026-33952 FreeRDP: DoS via WINPR_ASSERT in rts_read_auth_verifier_no_checks

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated authlength field read from the network triggers a WINPRASSERT failure in rtsreadauthverifiernochecks, causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABR...

HTTP Fetch, Linux Chmod

Fetch and execute an ARMLE payload from an HTTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/http/armle/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set options...

CVE-2025-8863

YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission...

VulnCheck KEV: CVE-2025-48928

TeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere Vulnerability. This vulnerability is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dum...

CVE-2022-40705

An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This...

CVE-2022-24140

IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot sends HTTP requests in their update procedure in order to download a config file. After downloading the config file, the products will parse the HTTP location of the update from the file a...

The vulnerability of the stats-over-http plugin in the Apache Traffic Server web server allows a hacker to cause a service failure.

The vulnerability of the stats-over-http plugin in the Apache Traffic Server web server is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability may allow a malicious actor to cause service interruptions remotely...

DEBIAN-CVE-2021-43082

Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0...

Apache Traffic Server 安全漏洞

Apache Traffic Server, referred to as ATS or TS, is a high-performance, modular HTTP proxy and caching server. stats-over-http plugin in Apache Traffic Server version 9.1.0 is vulnerable to a heap buffer overflow. An attacker could exploit this vulnerability to overwrite memory...

CVE-2017-16041

ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks...