CVE-2023-45318

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability...

CVE-2025-12543 Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without...

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow traditional

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

UBUNTU-CVE-2025-69223

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

CLSA-2026-1767609927 httpd: Fix of CVE-2025-58098

CVE-2025-58098: don't pass querry string args as command line arguments to SSI-invoked CGI scripts...

CVE-2025-15255

A vulnerability was determined in Tenda W6-S 1.0.0.4510. This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has...

CVE-2025-11545

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server and execute arbitrary actions...

GHSA-W48Q-CV73-MX4W Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default

The Model Context Protocol MCP TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPServerTransport or SSEServerTransport and has not enabled...

libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value

A use-after-free type vulnerability was found in libsoup, in the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...

BIT-GOLANG-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989234)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989234 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP...

CVE-2025-64137

A missing permission check in Jenkins Themis Plugin 1.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server...

CVE-2025-64137

CVE-2025-64137 affects the Jenkins Themis Plugin (versions 1.4.1 and earlier). The issue is a missing permission check in an HTTP endpoint, which allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. Public references in Red Hat and GitHub advisories reite...

CVE-2025-64137

A missing permission check in Jenkins Themis Plugin 1.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server...

CVE-2025-64136

The vulnerability CVE-2025-64136 affects Jenkins Themis Plugin versions 1.4.1 and earlier. Root cause: a cross-site request forgery (CSRF) flaw due to lack of permission checks in an HTTP endpoint, allowing an attacker with Overall/Read permission to trigger requests to an attacker-specified URL/...

CVE-2025-61679

Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 and below allow attackers who have already gained access to localhost, even with low privileges, to use the http server through the port unauthenticated, and access private integration data like emails, without any warning of ...

EUVD-2017-11995

Malware in sbrugna...

EUVD-2011-1710

Malware in sbrugna...

EUVD-2018-15664

Malware in sbrugna...

EUVD-2018-15653

Malware in sbrugna...