CVE-2026-8047

The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device...

UBUNTU-CVE-2026-31842

Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...

CVE-2026-34121 Authentication Bypass in DS Configuration Service via HTTP Request Parsing Differential of TP-Link Tapo C520WS

An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an...

IBM Verify Identity Access Container和IBM Verify Identity Access 环境问题漏洞

IBM Verify Identity Access Container and IBM Verify Identity Access are products of IBM Corporation. IBM Verify Identity Access Container is a containerized software that provides authentication and authorization functions for applications. IBM Verify Identity Access is an enterprise-level securi...

MiracleLinux 9 : squid-5.5-6.el9_3.8 (AXSA:2024-7624:02)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7624:02 advisory. squid: denial of service in HTTP header parser CVE-2024-25617 squid: Denial of Service in HTTP Chunked Decoding CVE-2024-25111 squid: denial of...

MiracleLinux 7 : squid-3.5.20-17.el7.10 (AXSA:2024-7673:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7673:03 advisory. squid: denial of service in HTTP header parser CVE-2024-25617 squid: denial of service in HTTP request parsing CVE-2023-50269 squid: Buffer over-rea...

MiracleLinux 7 : tomcat-7.0.69-11.el7 (AXSA:2017-1603:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1603:01 advisory. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Ja...

CVE-2018-4029

An exploitable code execution vulnerability exists in the HTTP request-parsing function of the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an unlimited and arbitrary write to memory, resulting in code execution...

EUVD-2018-8589

Malware in sbrugna...

EUVD-2022-4326

Malicious code in bioql PyPI...

EUVD-2023-55081

Malicious code in bioql PyPI...

EUVD-2025-15127

Malicious code in bioql PyPI...

EUVD-2023-0003

Malicious code in bioql PyPI...

USN-7490-3: libsoup vulnerabilities

USN-7490-1 fixed vulnerabilities in libsoup2.4. This update provides the corresponding updates for libsoup3. Original advisory details: Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a malicious...

RockyLinux 8 : squid:4 (RLSA-2024:1375)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1375 advisory. squid: denial of service in HTTP header parser CVE-2024-25617 squid: Denial of Service in HTTP Chunked Decoding CVE-2024-25111 squid: denial of service i...

USN-7490-1: libsoup vulnerabilities

Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service. CVE-2025-32906 Alon Zahavi discovered that libsoup incorrectly parse...

CVE-2025-32906 Libsoup: out of bounds reads in soup_headers_parse_request()

A flaw was found in libsoup, where the soupheadersparserequest function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server...

(Pwn2Own) Synology BeeStation BST150-4T CRLF Injection Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of HTTP requests. The issue results...

JVN#87770340: Stack-based buffer overflow vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor

Web Image Monitor provided by Ricoh Company, Ltd. is an web server included and runs in laser printers and MFPs multifunction printers. Web Image Monitor contains a stack-based buffer overflow vulnerability CWE-121 due to inappropriate parsing process of HTTP request. Impact Receiving a specially...

Apache Tomcat 8.0.0.RC1 < 8.0.39 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.0.39. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.0.39security-8 advisory. - Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before...