16521 matches found

Vulnrichment
added 2026/01/08 11:2 p.m. | 2 views

CVE-2026-0731 TOTOLINK WA1200 HTTP Request cstecgi.cgi null pointer dereference

A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been...

6.9 CVSS | 6.5 AI score | 0.00154 EPSS
Exploits: 1 | References: 6

Cvelist
added 2026/01/08 11:2 p.m. | 18 views

CVE-2026-0731 TOTOLINK WA1200 HTTP Request cstecgi.cgi null pointer dereference

A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been...

6.9 CVSS | 0.00154 EPSS
Exploits: 1 | References: 6

Positive Technologies
added 2026/01/08 12:0 a.m. | 4 views

PT-2026-1981

Name of the Vulnerable Software and Affected Versions: TOTOLINK WA1200 version 5.9c.2914. Description: A flaw exists in the HTTP Request Handler component of TOTOLINK WA1200 version 5.9c.2914. Specifically, the issue resides in an unknown function within the cstecgi.cgi file. This manipulation resul...

7.5 CVSS | 5.2 AI score | 0.00154 EPSS
Exploits: 1 | References: 12

Veracode
added 2026/01/07 9:44 a.m. | 4 views

CRLF Injection

io.netty, netty-codec-http is vulnerable to CRLF Injection. The vulnerability is due to improper sanitization of the request URI in HttpRequestEncoder, which allows an attacker to inject CRLF sequences and smuggle malicious HTTP requests...

6.5 CVSS | 7 AI score | 0.00024 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

RedhatCVE
added 2026/01/07 9:41 a.m. | 4 views

CVE-1999-0378

InterScan VirusWall for Solaris doesn't scan files for viruses when a single HTTP request includes two GET commands...

5 CVSS | 7 AI score | 0.0061 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:38 a.m. | 5 views

CVE-1999-0448

IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request...

5 CVSS | 7 AI score | 0.61925 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:37 a.m. | 6 views

CVE-2019-7404

An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var/gapm7100$today'sdate.log for reading a filename such as gapm7100190101.log...

7.5 CVSS | 7.1 AI score | 0.00805 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:30 a.m. | 19 views

CVE-2019-16278

Directory Traversal in the function httpverify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request...

9.8 CVSS | 7.5 AI score | 0.94393 EPSS
Exploits: 24 | References: 1

Positive Technologies
added 2026/01/07 12:0 a.m. | 5 views

PT-2026-2154

CVE-2026-22159 - Apache HTTP Server HTTP Request Smuggling. CVE ID: CVE-2026-22159. Published: Jan. 7, 2026, 12:17 p.m. | 3 hours, 59 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products, timeline, and more...

7 AI score
Exploits: 0 | References: 1

IBM Security Bulletins
added 2026/01/06 12:17 a.m. | 5 views

Security Bulletin: IBM Event Processing is affected by multiple Vulnerabilities in IBM Operator for Apache Flink

Summary: IBM Event Processing is affected by multiple Vulnerabilities in IBM Operator for Apache Flink 1.4.5. Vulnerability Details: CVEID: CVE-2025-58056. DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers...

7.5 CVSS | 6 AI score | 0.00099 EPSS
Exploits: 1 | Affected Software: 1

Snyk
added 2026/01/05 11:9 p.m. | 2 views

HTTP Request Smuggling

Overview: Affected versions of this package are vulnerable to HTTP Request Smuggling via the parsing of Range headers. An attacker can potentially interfere with HTTP request processing by supplying non-ASCII decimals in the header, which may lead to unexpected parser mismatches. Remediation: Upgra...

6.9 CVSS | 7 AI score | 0.00041 EPSS
Exploits: 0 | References: 2

Snyk
added 2026/01/05 10:58 p.m. | 4 views

HTTP Request Smuggling

Overview: Affected versions of this package are vulnerable to HTTP Request Smuggling via the unicode processing of HTTP header values. An attacker can bypass firewall or proxy protections by sending requests containing non-ASCII characters. Note: This is only exploitable if C extensions are not in...

6.5 CVSS | 6.9 AI score | 0.00047 EPSS
Exploits: 0 | References: 2

NVD
added 2026/01/05 7:15 p.m. | 1 view

CVE-2025-67397

An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection...

9.1 CVSS | 0.00077 EPSS
Exploits: 0 | References: 2

IBM Security Bulletins
added 2026/01/02 5:37 p.m. | 7 views

Security Bulletin: Rational Performance Tester contains vulnerabilities related to the Netty framework

Summary: Due to the use of Netty, Rational Performance Tester contains vulnerabilities that could allow HTTP request smuggling or a denial of service attack. CVE-2025-58056, CVE-2025-58057. Vulnerability Details: CVEID: CVE-2025-58056. DESCRIPTION: Netty is an asynchronous event-driven network...

7.5 CVSS | 6.6 AI score | 0.00097 EPSS
Exploits: 2 | Affected Software: 1

Hacker One
added 2026/01/02 1:51 a.m. | 13 views

curl: HTTP Request Smuggling and SSRF via CRLF Injection in Curl_add_custom_headers

Summary: A lack of CRLF validation in Curl_add_custom_headers at lib/http.c:1761 allows users to inject arbitrary HTTP headers. This violation of RFC 7230 §3.2.4 leads to HTTP Request Smuggling and potential SSRF bypass. AI Disclosure: I utilized an AI assistant to aid in the initial code analysis a...

7.2 AI score
Exploits: 0

Tenable Nessus
added 2026/01/02 12:0 a.m. | 14 views

Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2025-873)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-873 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode...

9.8 CVSS | 7.3 AI score | 0.01849 EPSS
Exploits: 6 | References: 18

Positive Technologies
added 2026/01/01 12:0 a.m. | 4 views

PT-2026-5660

Name of the Vulnerable Software and Affected Versions: SoupServer, affected versions not specified. Description: A flaw exists in SoupServer related to improper handling of HTTP requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. This can lead to an HTTP request...

7.5 CVSS | 6.2 AI score | 0.00605 EPSS
Exploits: 2 | References: 38

Positive Technologies
added 2026/01/01 12:0 a.m. | 1 view

PT-2026-1149

CVE-2025-22185 - Apache Tomcat HTTP Request Smuggling. CVE ID: CVE-2025-22185. Published: Jan. 1, 2026, 1:15 a.m. | 3 hours, 5 minutes ago. Description: Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. Severity: 0.0 | NA. Visit...

7 AI score
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/30 8:16 a.m. | 2 views

CVE-2025-15178

A vulnerability was found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/VirtualSer of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit has be...

8.6 CVSS | 7.1 AI score | 0.00481 EPSS
Exploits: 1 | References: 1

OSV
added 2025/12/29 9:15 a.m. | 0 views

CVE-2025-15180

A vulnerability was identified in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/webExcptypemanFilte of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The...

8.6 CVSS | 6.5 AI score
Exploits: 0 | References: 6