17 matches found
CVE-2026-8047
The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device...
PT-2026-43199
The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device...
CVE-2026-31842
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
CVE-2026-34121 Authentication Bypass in DS Configuration Service via HTTP Request Parsing Differential of TP-Link Tapo C520WS
An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an...
CVE-2026-34118
Summary (CVE-2026-34118): A heap-based buffer overflow in TP-Link Tapo C520WS (v2.6) occurs in the HTTP POST body parsing due to missing validation of remaining buffer capacity after dynamic allocation, i.e., insufficient boundary validation for externally supplied HTTP input. An attacker on the ...
SUSE-SU-2026:1030-1 Security update for salt
This update for salt fixes the following issues. Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase (bsc#1254903); CVE-2025-67725: Fixed DoS via malicious HTTP request (bsc#1254905); CVE-2025-67726: Fixed HTTP header parameter parsing algorithm (bsc#1254904)...
CVE-2025-41766
The CVE-2025-41766 issue is a stack-based buffer overflow found while parsing web requests via the ubr-network method. A low-privileged remote attacker can exploit a crafted HTTP POST to trigger the overflow, leading to full device compromise. Documented details include the vulnerability type, at...
CVE-2021-31227
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length,...
Stack-based buffer overflow vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor
Overview: Web Image Monitor, provided by Ricoh Company, Ltd., is a web server included in and running on laser printers and MFPs (multifunction printers). Web Image Monitor contains a stack-based buffer overflow vulnerability (CWE-121) due to inappropriate parsing of HTTP requests. Zhihong Tian, Hui L...
PT-2024-12893 · Tinyproxy · Tinyproxy
Name of the Vulnerable Software and Affected Versions: Tinyproxy version 1.11.1 Description: An uninitialized memory use issue exists while parsing HTTP requests. In certain configurations, a specially crafted HTTP request can result in disclosure of data allocated on the heap, which could contai...
squid: denial of service in HTTP request parsing
A flaw was found in Squid, which is susceptible to a Denial of Service (DoS) due to an Uncontrolled Recursion bug in HTTP request parsing. Exploiting this issue involves a remote client initiating a DoS attack by sending an oversized X-Forwarded-For header when the...
OESA-2024-1116 shim security update
Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. Security Fixes: A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker...
CLSA-2024-1706026919 Fix CVE(s): CVE-2023-50269
SECURITY UPDATE: Denial of Service in HTTP Request parsing - debian/patches/CVE-2023-50269.patch: Limit the number of allowed X-Forwarded-For hops - CVE-2023-50269...
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-55350)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox, which can be exploited by a remote attacker to submit a specially crafted web request that can be tricked into being parsed by the user, which can...
The vulnerability of the Apache Tomcat application server allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Apache Tomcat application server is related to the inconsistent interpretation of HTTP requests. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
CVE-2018-4031
An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without...
Cisco Web Security Appliance AsyncOS Denial of Service Vulnerability (CNVD-2016-03366)
Cisco Web Security Appliance (WSA) is a set of Web security appliances from the U.S. company Cisco. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy development, etc. Cisco AsyncOS is a set of operating systems running on it. A...