USN-8384-1: Apache HTTP Server vulnerability
It was discovered that Apache HTTP Server incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause Apache HTTP Server to consume excessive resources, resulting in a denial of service...
CVE-2026-42855
The vulnerability affects the arduino-esp32 core (WebServer Digest authentication). Before version 3.3.8, the Digest auth hash is computed from the URI field in the Authorization header without validating it against the actually requested URI. As a result, an attacker with any valid digest respon...
CVE-2024-54013
Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the...
CVE-2026-6993
A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...
CVE-2026-6122
A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been...
EUVD-2026-19001
A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been...
SUSE CVE-2026-24733
Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification inval...
MiracleLinux 3 : httpd-2.2.3-11.4.1AXS3 (AXBA:2008-331:03)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2008-331:03 advisory. - Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp...
PT-2025-44625
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: The web server allows an attacker to reuse an old session JWT token while a legitimate session is active, potentially leading to session hijacking. An attacker...
PT-2025-44573
CVE-2025-64159 - Apache HTTP Server Unvalidated User Input. CVE ID: CVE-2025-64159. Published: Oct. 29, 2025, 4:16 a.m. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2011-20001
A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family incl. SIPLUS variants All versions V2.0.3, SIMATIC S7-1200 CPU V2 family incl. SIPLUS variants All versions V2.0.3. The web server interface of affected devices improperly processes incoming malformed HTTP traffic at high rate...
PT-2025-41862
A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family incl. SIPLUS variants All versions V2.0.3, SIMATIC S7-1200 CPU V2 family incl. SIPLUS variants All versions V2.0.3. The web server interface of affected devices improperly processes incoming malformed HTTP traffic at high rate...
EUVD-2019-10185
Malware in sbrugna...
EUVD-2024-39306
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2023-50224
TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability...
The vulnerability of the built-in web server boa (/boafrm/formOneKeyAccessButton) of the TOTOLINK A702R router’s microprogramming software allows an intruder to trigger a service failure.
The vulnerability of the built-in web server boa /boafrm/formOneKeyAccessButton of the TOTOLINK A702R router’s microprogramming software is related to the issue of data being written outside the buffer in memory when processing the submit-url parameter. Exploiting this vulnerability allows a...
The vulnerability of the built-in web server boa (/boafrm/formIpQoS) of the TOTOLINK A702R router’s microprogramming software allows an intruder to cause a service failure.
The vulnerability of the built-in web server boa /boafrm/formIpQoS of TOTOLINK A702R router software is related to the issue of the operation exceeding the buffer in memory when processing the mac parameter. Exploiting this vulnerability allows a malicious actor to cause service failure by sendin...
D-Link DI-8100 security vulnerability
The D-Link DI-8100 is an enterprise-class router device from D-Link. A buffer overflow vulnerability exists in the D-Link DI-8100 version 1.0, which originates from the improper handling of the parameters removeextproto/removeextport by the sprintf function in the /upnpctrl.asp file of the...
CVE-2019-6323
HP Color LaserJet Pro M280-M281 Multifunction Printer series before v. 20190419, HP LaserJet Pro MFP M28-M31 Printer series before v. 20190426 may have an embedded web server potentially vulnerable to reflected XSS in wireless configuration page...
undertow: client side invocation timeout raised when calling over HTTP2
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...