80 matches found
Advisory ROSA-SA-2025-2851
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-65.0.1.rv3.3 CVE-ID: CVE-2023-27522 BDU-ID: 2023-02021 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modproxyuwsgi component of the Apache HTTP Server web server is related to flaws in HTTP request handling...
CVE-2025-32013 Server-Side Request Forgery via LNURL Authentication Callback in LNbits Lightning Network Payment System
LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery SSRF vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...
CVE-2025-2837
Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this...
CVE-2025-2837 Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability
Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this...
CVE-2025-2837
CVE-2025-2837 affects Silicon Labs Gecko OS. The issue is a stack-based buffer overflow in HTTP request handling caused by insufficient validation of the length of user-supplied data before copying it to a stack buffer. This leads to remote code execution with network-adjacent access and no authe...
CVE-2025-2837 Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability
Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this...
Exploit for CVE-2025-1974
Ingress Nightmare CVE-2025-1907 Description This vulnerab...
PT-2025-13009 · Silicon · Gecko Os
Name of the Vulnerable Software and Affected Versions: Silicon Labs Gecko OS affected versions not specified Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required for exploitation. The issue stems from...
Denial Of Service (DoS)
BentoML is vulnerable to Denial of Service DoS. The vulnerability is due to improper request handling due to the server continuously processing appended characters in a multipart boundary of an HTTP request, leading to excessive resource consumption and service unavailability...
CVE-2024-27922
TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions prior to 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to manipulation of their web traffic. The impact may var...
Boundary Community Edition Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service
Boundary Community Edition and Boundary Enterprise “Boundary” incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary...
CVE-2024-12289
CVE-2024-12289 affects Boundary Community Edition and Boundary Enterprise. The issue occurs during initialization of the Boundary controller, where HTTP requests are mishandled and may cause the Boundary server to terminate prematurely. Fixed in Boundary 0.16.4, 0.17.3, and 0.18.2. Connected docu...
CVE-2024-8308 Siempelkamp: SQL injection due to improper handling of HTTP request input data
A low privileged remote attacker can insert a SQL injection in the web application due to improper handling of HTTP request input data which allows to exfiltrate all data...
CVE-2021-1425 Cisco Cisco Email Security Appliance and Content Security Management Appliance Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance SMA could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is bei...
HTTP Smuggling
org.jboss.resteasy, resteasy-netty4-cdi is vulnerable to HTTP Smuggling. The vulnerability is due to improper handling of HTTP requests by the resteasy-netty4 library, specifically when the Netty HttpObjectDecoder fails to process HTTP smuggling requests with ASCII control characters, causing it ...
The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma allows attackers to execute arbitrary code.
The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma is related to improper handling of HTTP requests. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
PT-2024-6830 · Sap · Sap Crm Abap
Name of the Vulnerable Software and Affected Versions: SAP CRM ABAP affected versions not specified Description: The issue is related to insufficient checking of incoming HTTP requests in the Insights Management component of the SAP CRM ABAP integration module. This can allow a remote attacker to...
PT-2024-27769 · Vercot · Serva
Name of the Vulnerable Software and Affected Versions: vercot Serva version 4.6.0 Description: A NULL pointer dereference in vercot Serva allows attackers to cause a Denial of Service DoS via a crafted HTTP request. Recommendations: For version 4.6.0, consider disabling the HTTP request handling...
TOMP Bare Server 安全漏洞
TOMP Bare Server is an open source library from Tomp Web Proxies. A security vulnerability exists in TOMP Bare Server versions prior to 2.0.2, which stems from improper handling of HTTP requests by the omphttp/bare-server-node package...
PT-2024-2026 · Ibm · Ibm Watson Cp4D Data Stores
Name of the Vulnerable Software and Affected Versions: IBM Watson CP4D Data Stores versions 4.6.0 through 4.6.2 Description: The issue is related to errors in handling HTTP requests and improper input validation, which could allow a remote attacker to impact data integrity. An attacker with...