103221 matches found
SUSE CVE-2026-23941
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...
CVE-2026-4254
A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePwd of the component HTTP Endpoint. This manipulation of the argument local2c causes stack-based buffer overflow. The attack can be initiated remotel...
EUVD-2026-12214
A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmcsync.php of the component HTTP Request Handler. Executing a manipulation of the argument templatepath can lead to os command injection. The...
CVE-2026-2491
Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2025-10685 HTTP POST with specific higher content length leads into heap corruption
Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT Webserver modules allows overflow buffers.This issue affects: smartLink SW-PN: through 1.03 smartLink SW-HT: through 1.42...
CVE-2025-11500 Credentials exposure in tinycontrol devices
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authentication mechanisms - one solely for interface management and one for protecting all other server resources. When the latter is turned off which is a default setting, an unauthenticated attacker on...
Huawei EulerOS: Security Advisory for libsoup (EulerOS-SA-2026-1402)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1430)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2026-26462
Name of the Vulnerable Software and Affected Versions Kargo versions 1.4.0 through 1.6.3 Kargo versions 1.7.0-rc.1 through 1.7.8 Kargo versions 1.8.0-rc.1 through 1.8.11 Kargo versions 1.9.0-rc.1 through 1.9.4 Description Kargo's built-in http and http-download promotion steps allow Server-Side...
CPython 安全漏洞
CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has a security vulnerability, which stems from the incomplete repair of control characters in the http.cookies.Morsel module. This vulnerability may allow control characters to bypass input validation...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1487)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1536)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP10 : python3 (EulerOS-SA-2026-1319)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to...
EulerOS 2.0 SP12 : python3 (EulerOS-SA-2026-1407)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic...
EulerOS Virtualization 2.10.1 : python3 (EulerOS-SA-2026-1542)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not...
EulerOS 2.0 SP12 : python3 (EulerOS-SA-2026-1376)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic...
EulerOS Virtualization 2.10.0 : python3 (EulerOS-SA-2026-1562)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not...
CVE-2026-4172
The CVE describes a stack-based overflow in TRENDnet TEW-632BRP (1.010B32) within the HTTP POST Request Handler, specifically the /ping_response.cgi file. The issue stems from manipulating the ping_ipaddr argument in this handler, enabling a remote exploit. Public exploitation exists according to...
OESA-2026-1593 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An integer overflow vulnerability was found in Apache HTTP Server versions 2.4.30 to 2.4.66. In case of failed ACME certificate renewal, after a number of failures 30 days in default configurations, the...
OESA-2026-1550 wireshark security update
Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless WiFi or Bluetooth networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. Security Fixes: Wireshark ...