CVE-2025-7603 D-Link DI-8100 HTTP Request jingx.asp stack-based overflow

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. Affected is an unknown function of the file /jingx.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploi...

CVE-2025-7603

CVE-2025-7603 affects D-Link DI-8100 (firmware 16.07.26A1). The vulnerability is in the HTTP Request Handler’s /jingx.asp file, where an input size/length validation failure leads to a stack-based buffer overflow. This enables remote exploitation with potential arbitrary code execution or denial ...

CVE-2025-7602 D-Link DI-8100 HTTP Request arp_sys.asp stack-based overflow

A vulnerability was found in D-Link DI-8100 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /arpsys.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has...

CVE-2025-7602

CVE-2025-7602 affects D-Link DI-8100 (version 16.07.26A1). The vulnerability resides in the HTTP Request Handler’s processing of the /arp_sys.asp file and causes a stack-based buffer overflow. This can allow remote exploitation and has publicly disclosed exploit code. Multiple connected sources c...

CVE-2025-7602 D-Link DI-8100 HTTP Request arp_sys.asp stack-based overflow

A vulnerability was found in D-Link DI-8100 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /arpsys.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has...

D-Link DI-8100 安全漏洞

The D-Link DI-8100 is a broadband router from D-Link designed for small to medium-sized network environments, supporting up to 4 Internet ports and 4 LAN ports for up to 80 simultaneous users. The D-Link DI-8100 suffers from a buffer overflow vulnerability that originates from the failure of the...

PT-2025-29979 · D Link · Di-8100

Name of the Vulnerable Software and Affected Versions: D-Link DI-8100 version 16.07.26A1 Description: A critical vulnerability exists in the D-Link DI-8100. The issue is related to unknown processing of the file /menu nat more.asp within the HTTP Request Handler component, leading to a stack-base...

curl: HTTP Request Smuggling Vulnerability Analysis - cURL Security Report

HTTP Request Smuggling Vulnerability Report - cURL Summary: cURL does not explicitly reject HTTP requests that contain both Transfer-Encoding and Content-Length headers, which can lead to HTTP request smuggling vulnerabilities CWE-444 when the request passes through intermediary systems proxies,...

PT-2025-29459 · D Link · Di-8100

Name of the Vulnerable Software and Affected Versions: D-Link DI-8100 version 16.07.26A1 Description: A critical issue exists in the HTTP Request Handler component due to improper processing of the /arp sys.asp file. This can lead to a stack-based buffer overflow, potentially allowing for remote...

PT-2025-29460 · D Link · Di-8100

Name of the Vulnerable Software and Affected Versions: D-Link DI-8100 version 16.07.26A1 Description: A critical issue exists in the HTTP Request Handler component of the D-Link DI-8100. The vulnerability is a stack-based buffer overflow caused by manipulation of an unknown function within the...

CBL Mariner 2.0 Security Update: ruby / rubygem-webrick (CVE-2025-6442)

The version of ruby / rubygem-webrick installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-6442 advisory. - Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remot...

Azure Linux 3.0 Security Update: ruby / rubygem-webrick (CVE-2025-6442)

The version of ruby / rubygem-webrick installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-6442 advisory. - Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remot...

CVE-2024-56468

IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 could allow a remote user to cause a denial of service by sending an invalid HTTP request to the log reading service...

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling through the processing of chunked encoded requests in parseheader function. An attacker can manipulate request boundaries by injecting conflicting Content-Length or Transfer-Encoding headers via trailers which can...

CVE-2024-56468 IBM InfoSphere Data Replication VSAM for z/OS Remote Source denial of service

IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 could allow a remote user to cause a denial of service by sending an invalid HTTP request to the log reading service...

Security Bulletin: IBM Storage Ceph is vulnerable to HTTP Request/Response Smuggling and Unauthorized Exposure of Information in HAProxy (CVE-2023-40225, CVE-2023-0836, CVE-2023-25725, CVE-2023-45539)

Summary HAProxy is used by IBM Storage Ceph for Load Balancing. This bulletin identifies the steps to take to address the vulnerability in HAProxy. CVE-2023-40225, CVE-2023-0836, CVE-2023-25725, CVE-2023-45539. Vulnerability Details CVEID:CVE-2023-40225 DESCRIPTION: HAProxy through 2.0.32, 2.1.x...

Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Data Management Console (CVE-2022-23648, CVE-2022-32149)

Summary The listed dependency packages are being used by IBM Db2 Data Management Console github.com/containerd/containerd, golang.org/x/text. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2022-27664 DESCRIPTION: In net/http in Go befo...

CVE-2025-40710

Host Header Injection HHI vulnerability in the Hotspot Shield VPN client, which can induce unexpected behaviour when accessing third-party web applications through the VPN tunnel. Although such applications do not present this vulnerability per se, the use of the tunnel, together with a forged Ho...

HTTP Request Smuggling (HRS)

webrick is vulnerable to HTTP Request Smuggling. The vulnerability is due to inconsistent parsing of HTTP header terminators in the readheaders method, which allows attackers to smuggle arbitrary HTTP requests when deployed behind certain HTTP proxies...

CVE-2024-51981

An unauthenticated attacker may perform a blind server side request forgery SSRF, due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control al...