
267 matches found

ATTACKERKB
added 2026/01/29 12:0 a.m. | 2 views

CVE-2025-63649

An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server...

AI score: 5.9 | EPSS: 0.00049
Exploits: 1 | References: 3
Cvelist
added 2026/01/29 12:0 a.m. | 24 views

CVE-2025-63649

An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server...

EPSS: 0.00049
Exploits: 1 | References: 2
CVE
added 2026/01/29 12:0 a.m. | 7 views

CVE-2025-63656

CVE-2025-63656 affects the Monkey server (commit f37e984) with an out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c). Exploitation is sufficient to cause a Denial of Service by receiving a crafted HTTP request. Connected sources (Red Hat advisory, NVD/NVL records, Attacker...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.01314
Exploits: 1 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/01/29 12:0 a.m. | 3 views

PT-2026-5342

Name of the Vulnerable Software and Affected Versions: monkey commit f37e984. Description: An out-of-bounds read exists in the header_cmp function located in mk_server/mk_http_parser.c. This issue allows attackers to cause a Denial of Service (DoS) by sending a crafted HTTP request to the server...

CVSS: 7.5 | AI score: 5.4 | EPSS: 0.01314
Exploits: 1 | References: 6
EUVD
added 2026/01/29 12:0 a.m. | 2 views

EUVD-2025-206530

An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server...

AI score: 5.9 | EPSS: 0.00049
Exploits: 1 | References: 2
Vulnrichment
added 2026/01/29 12:0 a.m. | 2 views

CVE-2025-63649

An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server...

AI score: 5.4 | EPSS: 0.00049
Exploits: 1 | References: 2
CVE
added 2026/01/29 12:0 a.m. | 7 views

CVE-2025-63649

CVE-2025-63649 affects monkey (mk_server/mk_http_parser.c) due to an out-of-bounds read in http_parser_transfer_encoding_chunked following commit f37e984. This can allow a remote attacker to trigger a Denial of Service by sending a crafted POST request to the server. Connected documents corrobora...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00049
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2026/01/27 6:15 p.m. | 0 views

CVE-2026-0919

The HTTP parser of Tapo C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An unauthenticated attacker can force...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.0029
Exploits: 0 | References: 5
NVD
added 2026/01/27 6:15 p.m. | 4 views

CVE-2026-0919

The HTTP parser of Tapo C210 v3, C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An unauthenticated attacker can...

CVSS: 7.5 | EPSS: 0.0029
Exploits: 0 | References: 7
EUVD
added 2026/01/27 5:52 p.m. | 1 views

EUVD-2026-4791

The HTTP parser of Tapo C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An unauthenticated attacker can force...

CVSS: 7.1 | AI score: 6 | EPSS: 0.0029
Exploits: 0 | References: 5
Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 8 : http-parser-2.8.0-5.el8.2 (AXSA:2020-132:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-132:02 advisory. nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605). Tenable has extracted the preceding description block directly from the...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.32252
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 7 : http-parser-2.7.1-8.el7.2 (AXSA:2020-4489:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4489:01 advisory. nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605). Tenable has extracted the preceding description block directly from th...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.32252
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/16 12:0 a.m. | 2 views

MiracleLinux 7 : http-parser-2.7.1-8.el7 (AXSA:2019-4071:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-4071:01 advisory. nodejs: Denial of Service with large HTTP headers (CVE-2018-12121); nodejs: HTTP parser allowed for spaces inside Content-Length header values...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.05572
Exploits: 0 | References: 3
Tenable Nessus
added 2026/01/06 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-69224

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smugglin...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.0004
Exploits: 0 | References: 3
OSV
added 2026/01/05 10:58 p.m. | 1 views

GHSA-6MQ8-RVHQ-8WGG AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

Summary: A zip bomb can be used to execute a DoS against the aiohttp server. Impact: An attacker may be able to send a compressed request that when decompressed by aiohttp could exhaust the host's memory. Patch: https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c91...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00057
Exploits: 0 | References: 4
Cvelist
added 2026/01/05 10:0 p.m. | 20 views

CVE-2025-69223 AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

CVSS: 7.5 | EPSS: 0.00057
Exploits: 0 | References: 2
IBM Security Bulletins
added 2025/12/09 10:59 a.m. | 3 views

Security Bulletin: IBM Documentation Offline is vulnerable to `Node.js ReadFileUtf8 and HTTP Parser flaws` due to Node.js (CVE-2025-23165, CVE-2025-23167)

Summary: IBM Documentation Offline utilizes Node.js as a third-party component, which contains two vulnerabilities that could potentially affect your product's stability and security. CVE-2025-23165 (CVSS: 3.7) is a Denial of Service (DoS) vulnerability in the ReadFileUtf8 internal binding. Repeated u...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.0056
Exploits: 1 | Affected Software: 1
Tenable Nessus
added 2025/11/20 12:0 a.m. | 2 views

TencentOS Server 3: http-parser (TSSA-2022:0055)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0055 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS: 9.8 | AI score: 8 | EPSS: 0.32252
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-18902

Malware in sbrugna...

CVSS: 5.3 | AI score: 7.4 | EPSS: 0.00902
Exploits: 0 | References: 9
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-2157

Malware in sbrugna...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.0019
Exploits: 0 | References: 6