HTTP Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an RISC-V 64-bit payload from an HTTP server. Connect back to attacker and spawn a command shell. Module Options msf use payload/cmd/linux/http/riscv64le/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf...

CVE-2025-67779

A flaw was found in React Server Components. This vulnerability allows a denial of service via unsafe deserialization of payloads from HTTP Hypertext Transfer Protocol requests to Server Function endpoints. A malicious HTTP request can be crafted and sent to any App Router endpoint that, when...

BIT-NGINX-GATEWAY-2024-31079 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacke...

CVE-2025-13945

CVE-2025-13945 affects Wireshark 4.6.0 and 4.6.1, where the HTTP3 dissector crash can lead to denial of service. Connected advisories indicate that multiple distributions address this by upgrading Wireshark to version 4.4.13 (e.g., Debian/SUSE/openSUSE/SUSE advisories). The available sources do n...

EUVD-2025-200286

The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting XSS, Clickjacking, an...

CVE-2025-64331

Suricata (OISF) prior to 7.0.13 and 8.0.2 is affected by a stack overflow when handling large HTTP file transfers if the HTTP response body limit is increased and printable HTTP bodies are logged. The issue has been patched in versions 7.0.13 and 8.0.2. Practical mitigation steps include upgradin...

📄 HTTP/2 2.0 Denial of Service

This is a testing script for the HTTP/2 Rapid Reset vulnerability as described in CVE-2023-44487. !/usr/bin/env python3 """ Exploit Title: HTTP/2 2.0 - Denial Of Service DOS Google Dork: -NA- Date: 29th August 2025 Exploit Author: Madhusudhan Rajappa Vendor Homepage: -NA- Software Link: -NA-...

Eclipse ThreadX NetX Duo 安全漏洞

Eclipse ThreadX NetX Duo is an IPv4 and IPv6 dual network stack for Eclipse ThreadX open source. A security vulnerability exists in Eclipse ThreadX NetX Duo versions prior to 6.4.4, which stems from a lack of boundary validation in the Eclipse Foundation ThreadX's network support code in the HTTP...

PT-2025-42381

Name of the Vulnerable Software and Affected Versions Cisco Snort 3 affected versions not specified Description A flaw exists in the Snort 3 HTTP Decoder that may allow a remote attacker to disclose sensitive data or cause the Snort 3 Detection Engine to crash. This issue stems from an error in...

USN-7814-1: LibHTP vulnerabilities

It was discovered that LibHTP did not correctly handle certain HTTP headers. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2024-23837 It was discovered that LibH...

-http3-exploit-and-testing-cyberexpert.

-http3-exp...

OESA-2025-2166 lighttpd security update

Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more...

Security update for netty

This update for netty fixes the following issues: CVE-2025-55163: Fixed "MadeYouReset" DoS attack in HTTP/2 protocol including DNS over HTTPS bsc1247991 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

CLSA-2025-1756323821 php: Fix of CVE-2025-1736

CVE-2025-1736: fix incorrect validation of CRLF in http headers...

TencentOS Server 4: suricata (TSSA-2025:0649)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0649 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVE-2025-5115 MadeYouReset HTTP/2 vulnerability

In Eclipse Jetty, versions =9.4.57, =10.0.25, =11.0.25, =12.0.21, =12.1.0.alpha2, an HTTP/2 client may trigger the server to send RSTSTREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume...

tomcat: Apache Tomcat denial of service

A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...

[SECURITY] Fedora 41 Update: rust-h2-0.4.12-1.fc41

An HTTP/2 client and server...

Netty 安全漏洞

Netty is a non-blocking I/O client-server framework from the Netty community, which is primarily used for developing Java web applications such as protocol servers and clients. A security vulnerability exists in Netty versions prior to 4.1.124.Final and 4.2.4.Final, which stems from a flaw in the...

HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames

Overview A vulnerability has been discovered within many HTTP/2 implementations allowing for denial of service DoS attacks through HTTP/2 control frames. This vulnerability is colloquially known as "MadeYouReset" and is tracked as CVE-2025-8671. Some vendors have assigned a specific CVE to their...