13 matches found
CVE-2026-7857
A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /usergroup.asp of the component CGI Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and m...
SUSE-SU-2026:1062-1 Security update for python310
This update for python310 fixes the following issues: Update to Python 3.10.20: - CVE-2025-6075: quadratic complexity in os.path.expandvars (bsc#1252974). - CVE-2025-11468: header injection with carefully crafted inputs (bsc#1257029). - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...
[SECURITY] Fedora 43 Update: python-multipart-1.3.1-1.fc43
This module provides a fast incremental non-blocking parser for multipart/form-data (HTML5, RFC7578), as well as blocking alternatives for easier use in WSGI or CGI applications...
ROS-20251112-08
A vulnerability in the Python Eventlet network concurrency library is related to incorrect HTTP request validation in the WSGI parser. Exploitation of the vulnerability could allow an attacker acting remotely to perform HTTP request spoofing attacks...
CVE-2025-10547
An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption...
[SECURITY] [DLA 4289-1] python-eventlet security update
Debian LTS Advisory DLA-4289-1. https://www.debian.org/lts/security/ Thomas Goirand, September 02, 2025. https://wiki.debian.org/LTS Package: python-eventlet. Version: 0.26.1-7+deb11u2. CVE ID: CVE-2025-58068. Debian Bug: CVE-2025-58068. Eventlet is a concurrent networkin...
PT-2025-35318
Name of the Vulnerable Software and Affected Versions: Eventlet versions prior to 0.40.3. Description: The Eventlet WSGI parser is susceptible to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This issue could allow attackers to bypass front-end security controls, launch...
waitress: Waitress has a denial of service leading to high CPU usage/resource exhaustion
A flaw was found in the Waitress WSGI server for Python. When a remote client closes the connection before waitress has had the opportunity to call getpeername, waitress will incorrectly clean up the connection, leading to the main thread attempting to write to a socket that no longer exists, and...
Argument Injection in PHP-CGI
...
VulnCheck KEV: CVE-2023-4474
The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable...
Weintek cMT Operating System Command Injection Vulnerability
Weintek cMT is a human machine interface application from Weintek. A security vulnerability exists in the Weintek cMT3000 HMI Web CGI that originates from an anonymous attacker who can execute arbitrary commands while logged into the device...
CVE-2021-27210
TP-Link Archer C5v 1.7181221 devices allow remote attackers to retrieve cleartext credentials via USERCFG0,0,0,0,0,00,0,0,0,0,00,0 to the /cgi?1&5 URI...