103220 matches found
CVE-2026-32838 Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Cleartext HTTP
Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data...
AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy
Summary The plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL, but only checks the initial URL. When the initial URL responds with an HTTP redirect Location header, the redirect target is fetched via fakeBrowser without...
UBUNTU-CVE-2026-4359
A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver...
Security update for curl
This update for curl fixes the following issues: CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. CVE-2026-3783: token leak with redirect and netrc bsc1259363. CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. CVE-2026-3805: use after free in SMB connection...
CVE-2026-4359
MongoDB C driver is affected by CVE-2026-4359: a compromised cloud server or MITM can send a malformed HTTP response that causes a crash in applications using the driver. Affected component: the MongoDB C driver’s HTTP response handling. Root cause: malformed HTTP response handling leading to a c...
CVE-2026-4359
A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver...
Improper Null Termination
Overview Affected versions of this package are vulnerable to Improper Null Termination due to insufficient check of HTTP response parsing. An attacker can cause application crashes by sending specially crafted malformed HTTP responses. Note: This is only exploitable if the application connects to...
Heap-buffer-over-read in _mongoc_http_send via strstr on non-null-terminated buffer
A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the DefaultHtmlErrorResponseBodyProvider class. An attacker can exhaust heap memory and cause a crash by sending requests that trigger exceptions with attacker-controlled messages...
io.micronaut.aws:micronaut-aws-alexa-httpserver (=5.0.0-M1), io.micronaut.aws:micronaut-function-aws-api-proxy (=5.0.0-M1) +38 more potentially affected by CVE-2026-33012 via io.micronaut:micronaut-http-server (>=5.0.0-M1 <=5.0.0-M15)
io.micronaut:micronaut-http-server MAVEN version =5.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M2 and more Source cves: CVE-2026-33012 Source advisory: SNYK:JAVA-IOMICRONAUT-15678683...
EUVD-2026-12704
Next.js: HTTP request smuggling in rewrites...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free in the http/2 server implementation. An attacker can cause application instability or crashes by sending specially crafted HTTP/2 requests that trigger authentication failures, leading to access of freed memory. Note: Thi...
CVE-2026-4271
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...
CVE-2026-4271
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...
UBUNTU-CVE-2026-4271
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...
CVE-2026-4271 Libsoup: libsoup: denial of service via use-after-free in http/2 server
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...
CVE-2026-4271
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...
CVE-2026-4271
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...
CVE-2026-4271
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...
cpython: wsgiref.headers.Headers allows header newline injection in Python
Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...