CVE-2026-8263

The CVE affects Tenda AC6 (firmware 15.03.06.49_multi_TDE01) where the fromSetWirelessRepeat function in /goform/WifiExtraSet within the httpd component is vulnerable. Manipulating the mac/ssid arguments enables an OS command injection, allowing remote exploitation. Public exploits have been rele...

CVE-2026-23941

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

CVE-2026-23941

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

CVE-2026-3168

A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromNatStaticSetting of the file /goform/NatStaticSetting of the component httpd. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The exploit has been ma...

CVE-2025-14737 Command Injection Vulnerability in TP-Link WA850RE

Command Injection vulnerability in TP-Link WA850RE httpd modules allows authenticated adjacent attacker to inject arbitrary commands.This issue affects: ≤ WA850RE V2160527, ≤ WA850RE V3160922...

EUVD-2022-52358

Malicious code in bioql PyPI...

EUVD-2022-35248

Malicious code in bioql PyPI...

EUVD-2022-52356

Malicious code in bioql PyPI...

EUVD-2022-52359

Malicious code in bioql PyPI...

EUVD-2022-52357

Malicious code in bioql PyPI...

RHEL 9 : mod_http2 (RHSA-2025:15725)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:15725 advisory. The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: modproxyhttp2:...

RHEL 9 : mod_http2 (RHSA-2025:15727)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:15727 advisory. The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: modproxyhttp2:...

Erlang/OTP (Erlang OTP) Directory Traversal Vulnerability (Sep 2020) - Windows

Erlang/OTP Erlang OTP is prone to a directory traversal vulnerability in the httpd module of the inets component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVE-2022-30474

Tenda AC Series Router AC18V15.03.05.196318 was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request...

CVE-2022-30476

Tenda AC Series Router AC18V15.03.05.196318 was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request...

CVE-2022-30475

Tenda AC Series Router AC18V15.03.05.196318 was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/WifiExtraSet request...

CVE-2022-30033

Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the functtion setIPv6Status in httpd module...

CVE-2022-30477

Tenda AC Series Router AC18V15.03.05.196318 was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request...

CVE-2020-36109

ASUS RT-AX86U router firmware below version under 9.0.0.4386 has a buffer overflow in the blockingrequest.cgi function of the httpd module that can cause code execution when an attacker constructs malicious data...

CVE-2025-4007

A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.42887/3.0.0.53644. Affected by this vulnerability is the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json leads to stack-based buffer overflow. The attack c...