103220 matches found
ROS-20260319-73-0002
A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already established network connection, without opening new network connections and without acknowledging the receipt of packets. Exploitation of the vulnerability could allo...
CVE-2026-25873
OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests. Attackers can exploit insecure pickle deserialization of request bodies to achieve code...
GHSA-5RVC-5CWX-G5X8 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques
Impact This is an Improper Error Handling vulnerability with Information Exposure implications, combined with an HTTP Method Translation issue. - Security Impact: The UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with ...
free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques
Impact This is an Improper Error Handling vulnerability with Information Exposure implications, combined with an HTTP Method Translation issue. - Security Impact: The UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with ...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the processing of HTTP/2 :path pseudo-headers in handleStream. An attacker can gain unauthorized access to restricted resources by sending requests with malformed :path headers that omit the leading slash. Thi...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in HTTPResult in SimpleHTTPClient.java, when following redirects. An attacker can obtain the contents of "Location: response" headers included in client redirects...
GHSA-P7M9-V2CM-2H7M HAPI FHIR HTTP authentication leak in redirects
Impact When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of...
GHSA-7G27-V5WJ-JR75 free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference
Impact This is a NULL Pointer Dereference vulnerability leading to Denial of Service. - Security Impact: A remote attacker can cause the UDM service to panic and crash by sending a crafted POST request to the /sdm-subscriptions endpoint with a malformed URL path containing path traversal sequence...
CVE-2026-32633
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.getserverslist. Those objects are mutated in-place during background polling and can contain a uri...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 — Apache HTTP Server 2.4.49 Path Traversal / RC...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in urllib3 (CVE-2026-21441, CVE-2025-66471)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-21441, CVE-2025-66471 reported for urllib3. Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTT...
Security Bulletin: IBM HTTP Server shipped with IBM OpenPages is vulnerable to multiple vulnerabilities
Summary IBM HTTP Server used by IBM WebSphere Application Server, that is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. These products have addressed the applicable CVEs. For a...
netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability
A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...
netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability
A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...
SQLInject
Sqlinject 💉 Advanced SQL Injection Scanner with WAF Bypass...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 — Apache Path Traversal & RCE Internship Tas...
Malicious code in express-http-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2471851d15cff5d3bc09d823660e1bebf3aee789535bf81e4f71c1ed6fa1fd86 The package express-http-validator was found to contain malicious code...
MAL-2026-1731 Malicious code in express-http-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2471851d15cff5d3bc09d823660e1bebf3aee789535bf81e4f71c1ed6fa1fd86 The package express-http-validator was found to contain malicious code...
Malicious code in abstract-http-request (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84130e04f5582700fd6841f67e465fb571518a710f3257fae0990653bf08aa92 The package abstract-http-request was found to contain malicious code...
MAL-2026-1646 Malicious code in abstract-http-request (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84130e04f5582700fd6841f67e465fb571518a710f3257fae0990653bf08aa92 The package abstract-http-request was found to contain malicious code...