Lucene search

16587 matches found

OSV
added 2025/04/22 4:15 p.m., 4 views

CVE-2024-33452

An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...

7.7 CVSS | 6.7 AI score
Exploits: 0 | References: 3

NVD
added 2025/04/22 3:15 a.m., 16 views

CVE-2025-3577

UNSUPPORTED WHEN ASSIGNED A path traversal vulnerability in the web management interface of the Zyxel AMG1302-T10B firmware version 2.00(AAJC.16)C0 could allow an authenticated attacker with administrator privileges to access restricted directories by sending a crafted HTTP request to an affected...

4.9 CVSS | 0.08952 EPSS
Exploits: 1 | References: 2

CVE
added 2025/04/22 2:18 a.m., 50 views

CVE-2025-3577

CVE-2025-3577 affects Zyxel AMG1302-T10B (firmware 2.00(AAJC.16)C0). The issue is a path traversal in the web management interface that an authenticated administrator can exploit by sending a crafted HTTP request to access restricted directories. The CVSS metrics indicate Network access with Low ...

4.9 CVSS | 6.8 AI score | 0.08952 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2025/04/22 12:00 a.m., 92 views

CVE-2024-33452

CVE-2024-33452 applies to OpenResty lua-nginx-module v0.10.26 and earlier, allowing HTTP request smuggling via a crafted HEAD request. Connected sources confirm the issue in the lua-nginx-module (OpenResty) and note a patch path via vendor advisories: Debian’s DLA-4228-1 fixes nginx/libnginx-mod-...

7.7 CVSS | 7.1 AI score | 0.00668 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/04/22 12:00 a.m., 9 views

CVE-2024-33452

An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...

7.1 AI score | 0.00668 EPSS
Exploits: 1 | References: 2

Debian CVE
added 2025/04/22 12:00 a.m., 5 views

CVE-2024-33452

An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...

7.7 CVSS | 7.5 AI score | 0.00668 EPSS
Exploits: 1

Cvelist
added 2025/04/22 12:00 a.m., 10 views

CVE-2024-33452

An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...

0.00668 EPSS
Exploits: 1 | References: 2

Veracode
added 2025/04/21 4:19 a.m., 311 views

HTTP Request Smuggling

github.com/clickhouse/ch-go is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper parsing or handling of HTTP requests. Specifically, the vulnerability arises from the way large, uncompressed malicious external data is processed, allowing an attacker to smuggle an addition...

5.9 CVSS | 6.6 AI score | 0.00322 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2025/04/17 12:00 a.m., 2 views

HTTP_Request2 security vulnerability

HTTP_Request2 is an open-source PEAR package that provides an easy way to perform HTTP requests and does not require the curl extension. A security vulnerability exists in HTTP_Request2 versions prior to 2.7.0 that originates from multiple files in the test directory reflecting GET or POST parameters, which...

5.4 CVSS | 5.8 AI score | 0.00277 EPSS
Exploits: 0 | References: 4

Redos
added 2025/04/17 12:00 a.m., 10 views

ROS-20250417-06

A vulnerability in the Moodle virtual learning environment is related to insufficient validation of the HTTP request source in the confirmedsesskey. Exploitation of the vulnerability could allow an attacker acting remotely to perform Cross-site request forgery attacks...

8.8 CVSS | 6.8 AI score | 0.00455 EPSS
Exploits: 0

Redos
added 2025/04/17 12:00 a.m., 15 views

ROS-20250417-08

A vulnerability in the net/http package of the Go programming language is related to a flaw in HTTP request handling. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

9.1 CVSS | 7.8 AI score | 0.00682 EPSS
Exploits: 0

BDU FSTEC
added 2025/04/16 12:00 a.m., 6 views

The vulnerability of the AdvSetMacMtuWan function in the firmware for Tenda AC10 allows a hacker to execute arbitrary code.

The vulnerability of the AdvSetMacMtuWan function in the Tenda AC10 router firmware is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted GE...

10 CVSS | 6 AI score | 0.0053 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Citrix
added 2025/04/16 12:00 a.m., 9 views

Netscaler-14.1- How NetScaler handles expect:100 continue header

When NetScaler gets an HTTP request that includes the Expect: 100-Continue header, it sends a 100 Continue response back to the client. This step is important because NetScaler’s Application Firewall needs to review the full request—including the body—before passing it on to the backend server...

7.1 AI score
Exploits: 0

IBM Security Bulletins
added 2025/04/15 3:46 a.m., 12 views

Security Bulletin: Vulnerability in GNOME libsoup affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary: A potential vulnerability in GNOME libsoup has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2024-52530 DESCRIPTION: GNOME libsoup is...

7.5 CVSS | 8.1 AI score | 0.00933 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/04/15 2:22 a.m., 44 views

Security Bulletin: IBM Maximo Application Suite - IoT Component uses aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2024-23829, CVE-2023-49082, CVE-2024-23334 and CVE-2023-49081

Summary: IBM Maximo Application Suite - IoT Component uses aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2024-23829, CVE-2023-49082, CVE-2024-23334 and CVE-2023-49081. This bulletin contains information regarding the vulnerability and its fixture...

7.5 CVSS | 7.1 AI score | 0.76875 EPSS
Exploits: 18 | Affected Software: 1

Tenable Nessus
added 2025/04/15 12:00 a.m., 8 views

RHEL 6 / 7 : rh-php56-php (RHSA-2016:1612)

The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1612 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: It was discovered that PHP did not properly...

8.1 CVSS | 7 AI score | 0.50427 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2025/04/15 12:00 a.m., 10 views

RHEL 6 / 7 : httpd24-httpd (RHSA-2015:1666)

The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1666 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the wa...

5 CVSS | 6.6 AI score | 0.73327 EPSS
Exploits: 0 | References: 11

Exploit DB
added 2025/04/15 12:00 a.m., 218 views

Plane 0.23.1 - Server side request forgery (SSRF)

Exploit Title: Plane - Server side request forgery SSRF; Date: 2024-01-13; Exploit Author: Saud Alenazi; Vendor Homepage: https://plane.so; Software Link: https://github.com/makeplane/plane/releases/tag/v0.23.1; Version: v0.23.1; Tested: Windows 10 x64; Description: A Server-Side Request Forgery SSRF...

7.4 AI score
Exploits: 0

NVD
added 2025/04/14 2:15 p.m., 19 views

CVE-2025-32906

A flaw was found in libsoup, where the soup_headers_parse_request function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server...

7.5 CVSS | 0.00787 EPSS
Exploits: 0 | References: 16

Vulnrichment
added 2025/04/14 1:58 p.m., 14 views

CVE-2025-32906 Libsoup: out of bounds reads in soup_headers_parse_request()

A flaw was found in libsoup, where the soup_headers_parse_request function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server...

7.5 CVSS | 7.4 AI score | 0.00787 EPSS
Exploits: 0 | References: 15