5905 matches found

Positive Technologies
added 2026/01/29 12:0 a.m. | 4 views

PT-2026-5344

A stack overflow in the mk http index lookup function mk server/mk http.c of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server...

AI score: 6 | EPSS: 0.01111
Exploits: 1 | References: 3
CNNVD
added 2026/01/27 12:0 a.m. | 3 views

TP-Link Tapo C220 and TP-Link Tapo C520WS have security vulnerabilities

Both the TP-Link Tapo C220 and TP-Link Tapo C520WS are WiFi cameras produced by the Chinese company TP-Link. There are security vulnerabilities in the TP-Link Tapo C220 v1 version and the TP-Link Tapo C520WS v2 version. These vulnerabilities stem from the HTTP parser’s improper handling of reques...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00534
Exploits: 0 | References: 6
Tenable Nessus
added 2026/01/24 12:0 a.m. | 3 views

SUSE SLED15 / SLES15 Security Update : python-tornado (SUSE-SU-2026:0222-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0222-1 advisory. - CVE-2025-67725: inefficient algorithm when parsing parameters for HTTP header values bsc1254905. -...

CVSS: 7.5 | AI score: 5.6 | EPSS: 0.00396
Exploits: 0 | References: 7
Vulnrichment
added 2026/01/22 12:0 a.m. | 4 views

CVE-2025-56589

A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or...

AI score: 5.9 | EPSS: 0.00427
Exploits: 1 | References: 2
NVD
added 2026/01/21 6:16 p.m. | 6 views

CVE-2021-47850

Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directories such as C:\Users\Public by manipulating...

CVSS: 8.7 | EPSS: 0.012
Exploits: 1 | References: 3
CVE
added 2026/01/21 5:27 p.m. | 11 views

CVE-2021-47850

Mini Mouse 9.2.0 is affected by a path-traversal vulnerability that allows remote exploitation via crafted HTTP requests to manipulate file and path parameters, enabling access to arbitrary system files (e.g., win.ini) and directory listings (e.g., C:\Users\Public). The issue is documented across...

CVSS: 8.7 | AI score: 5.7 | EPSS: 0.012
Exploits: 1 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/01/21 12:0 a.m. | 5 views

PT-2026-3785

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager Unified CM versions prior to 12.5, 14SU5, and 15SU4 Cisco Unified Communications Manager Session Management Edition Unified CM SME versions prior to 12.5, 14SU5, and 15SU4 Cisco Unified Communications Manag...

CVSS: 10 | AI score: 6.5 | EPSS: 0.04307
Exploits: 1 | References: 193
Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 9 : skopeo-1.13.3-4.el9_3 (AXSA:2024-7582:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7582:01 advisory. golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326). Tenable has extracted the preceding description...

CVSS: 5.3 | AI score: 7.5 | EPSS: 0.01208
Exploits: 0 | References: 2
ATTACKERKB
added 2026/01/16 8:10 p.m. | 17 views

CVE-2026-23744

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.36126
Exploits: 29 | References: 3 | Affected Software: 1
Snyk
added 2026/01/16 9:31 a.m. | 3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the validate input size of hashtags in HTTP requests. An attacker can exhaust CPU resources by submitting a single HTTP request containing a post with thousands of space-separated...

CVSS: 6.5 | AI score: 5.5 | EPSS: 0.00318
Exploits: 0 | References: 2
OSV
added 2026/01/15 4:16 p.m. | 1 views

CVE-2021-47752

AWebServer GhostBuilding 18 contains a denial of service vulnerability that allows remote attackers to overwhelm the server by sending multiple concurrent HTTP requests. Attackers can generate high-volume requests to multiple endpoints including /mysqladmin to potentially crash or render the...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00491
Exploits: 1 | References: 3
OSV
added 2026/01/14 4:49 p.m. | 3 views

CVE-2026-22779 BlackSheep ClientSession is vulnerable to CRLF injection

BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new...

CVSS: 6.3 | AI score: 6.5 | EPSS: 0.00307
Exploits: 0 | References: 5
Vulnrichment
added 2026/01/14 2:40 p.m. | 4 views

CVE-2026-22239 Email Sending Vulnerability in BLUVOYIX

The vulnerability exists in BLUVOYIX due to design flaws in the email sending API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable email sending API. Successful exploitation of this vulnerability could allow the...

CVSS: 10 | AI score: 6.6 | EPSS: 0.0028
Exploits: 0 | References: 1
Cvelist
added 2026/01/13 4:32 p.m. | 19 views

CVE-2025-58693

An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests...

CVSS: 6.5 | EPSS: 0.00602
Exploits: 0 | References: 1
CVE
added 2026/01/13 4:32 p.m. | 23 views

CVE-2025-47855

CVE-2025-47855 affects Fortinet FortiFone: versions 3.0.13–3.0.23 and 7.0.0–7.0.1 are vulnerable to an unauthenticated information disclosure via crafted HTTP/HTTPS requests (CWE-200). The vulnerability allows retrieval of device configuration. Remediation stated in sources: upgrade to FortiFone ...

CVSS: 9.8 | AI score: 6.3 | EPSS: 0.00791
Exploits: 0 | References: 1
Cvelist
added 2026/01/13 4:32 p.m. | 18 views

CVE-2025-59922

An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability CWE-89 vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an...

CVSS: 7.2 | EPSS: 0.06992
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/13 12:0 a.m. | 2 views

PT-2026-2473

An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00602
Exploits: 0 | References: 3
Tenable Nessus
added 2026/01/12 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-22776

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in...

CVSS: 8.7 | AI score: 5.7 | EPSS: 0.00353
Exploits: 1 | References: 3
Vulnrichment
added 2026/01/10 12:19 a.m. | 6 views

CVE-2026-22024 CryptoLib Memory Leak in KMC Encrypt Function Leads to Resource Exhaustion

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the cryptographyencrypt function allocates...

CVSS: 6.3 | AI score: 6.8 | EPSS: 0.00432
Exploits: 1 | References: 3
RedhatCVE
added 2026/01/09 11:23 a.m. | 5 views

CVE-2021-31898

In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00628
Exploits: 0 | References: 1