12 matches found
Prometheus exporter process crash via malformed HTTP request
Summary: A single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint (default 0.0.0.0:9464) has no error handling around URL parsing, so a request with an invalid URI causes an uncaught TypeError that terminates the process. You...
CVE-2022-50890 Owlfiles File Manager 12.0.1 - Path Traversal
Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the...
Owlfiles Path Traversal Vulnerability
Owlfiles is a file manager from Owlfiles, Inc. A path traversal vulnerability exists in Owlfiles version 12.0.1, which stems from a path traversal vulnerability in the built-in HTTP server that could lead to accessing system directories...
EUVD-2025-29441
Malicious code in bioql PyPI...
The vulnerability of the built-in boa server (/boafrm/formSysLog) of TOTOLINK X15 router firmware allows an intruder to cause a service failure.
The vulnerability of the built-in boa server /boafrm/formSysLog of TOTOLINK X15 router firmware is related to the issue where the operation data is written outside the buffer in memory when processing the submit-url parameter. Exploiting this vulnerability allows a malicious acto...
PT-2023-27607 · Opto 22 · Snap Pac S1 Firmware
Name of the Vulnerable Software and Affected Versions: SNAP PAC S1 Firmware version R10.3b. Description: An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completel...
JetBrains IntelliJ IDEA Path Traversal Vulnerability
JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2022.3, which stems from a built-in web server that allows arbitrary files to be read via a...
libkiwix Cross-Site Scripting Vulnerability
libkiwix is a common code base for all Kiwix ports. A security vulnerability exists in libkiwix 10.0.0 and 10.0.1 that allows the use of XSS in the built-in web server functionality by searching for suggested URL parameters...
ON24 ScreenShare Code Issue Vulnerability
ON24 ScreenShare is a plugin for screen sharing from ON24 USA. A security vulnerability exists in versions of the ON24 ScreenShare aka DesktopScreenShare.app plugin prior to version 2.0 for macOS, which allows an attacker to conduct remote file access via its built-in HTTP server...
DzSoft PHP Editor File Enumeration Vulnerability
DzSoft PHP Editor is a tool for writing and testing PHP and HTML pages. DzSoft PHP Editor has a security vulnerability. DzSoftpe is equipped with a built-in web server for previewing PHP files when combining the "HEAD" method of HTTP requests with the directory traversal "\ ... /... /..." type of...
PHP Built-in HTTP Server File Inclusion Vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. PHP ZipArchive is an extension class that comes with PHP that enables compression and decompression of ZIP files. A...
FTP bounce vulnerability in multiple Canon digital multifunction copiers and laser beam printers
Overview: Multiple Canon digital multifunction copiers and laser beam printers contain a vulnerability that could allow a remote attacker to access other network devices via a built-in FTP server. The Canon Color imageRUNNER Series, imageRUNNER Series, imagePRESS Series, and laser beam printer...