The vulnerability in the firmware of the TP-LINK TL-WR841ND router is an operation that goes beyond the bounds of a memory buffer, allowing an attacker to cause a malfunction in the device.
The vulnerability in the firmware of the TP-LINK TL-WR841ND router is an operation performed outside the bounds of a memory buffer when processing the ssid parameter. Exploiting this vulnerability allows a malicious actor to cause service failure by sending specially craft...
net/http: Denial of service due to improper 100-continue handling in net/http
A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service...
CVE-2025-27424
Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability affects Firefox for iOS 136...
libhv environment issue vulnerability
libhv is an open source network library by ithewei that is easier to use than libevent/libuv/asio. An environment issue vulnerability exists in libhv 1.3.3 and earlier versions, which stems from inconsistent HTTP request interpretation and may result in HTTP response entrapment...
CyberArk Endpoint Privilege Manager security vulnerability
CyberArk Endpoint Privilege Manager is a privilege management software from the Israeli company CyberArk. The software includes features such as privilege management, application control and credential loss protection. A security vulnerability exists in CyberArk Endpoint Privilege Manager version...
The vulnerability of the user.bin file in the Digma A172 mobile phone’s firmware, related to deficiencies in generating HTTP requests, allows for network activities without user involvement.
The vulnerability of the user.bin file in Digma A172 mobile phone software relates to deficiencies in the generation of HTTP requests. Exploiting this vulnerability allows a remote attacker to perform network activities without the user’s involvement...
The vulnerability of the HTTP protocol implementation in the software products of the LLC “NPO ‘MIR’” lies in the transmission of data in an open manner, which allows attackers to disclose protected information.
The vulnerability of the HTTP protocol implementation in software products of the LLC “NPO ‘MIR’” lies in the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to disclose the protected information remotely...
UBUNTU-CVE-2025-26803
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...
Phusion Passenger security vulnerability
Phusion Passenger is a fast and powerful web server and application server from Phusion Open Source. A security vulnerability exists in Phusion Passenger versions 6.0.21 through 6.0.25 that originates in a denial of service when the HTTP parser resolves an invalid HTTP method...
The vulnerability of the task and project management service WEEEK, related to the failure to implement measures for eliminating HTML tags, allows a violator to execute arbitrary HTML code.
The vulnerability of the WEEEK task and project management service is related to the lack of measures taken to eliminate HTML tags. Exploiting this vulnerability could allow a remote attacker to execute arbitrary HTML code...
CVE-2024-49337
IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field...
PT-2025-7300 · Phpjabbers · Phpjabbers Restaurant Booking System
Name of the Vulnerable Software and Affected Versions: PHPJabbers Restaurant Booking System version 3.0 Description: The issue concerns multiple HTML injection vulnerabilities in the parameters name, plugin sms api key, plugin sms country code, and title. This allows for potential malicious HTML...
DEBIAN-CVE-2025-1426
Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Security update for buildah
This update for buildah fixes the following issues: CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of CONTINUATION frames read for an HTTP/2 request in golang.org/x/net/http2. bsc1236531 Patch Instructions: To install this SUSE update use the SUSE...
The vulnerability of the graphical interface of Fortinet’s centralized device management solutions, FortiManager and FortiManager Cloud, as well as the security event monitoring and analysis solutions FortiAnalyzer, FortiAnalyzer Cloud, and FortiAnalyzer-BigData, allows a perpetrator to execute arbitrary code or commands.
The vulnerability of the graphical interface of Fortinet’s centralized device management solutions, FortiManager and FortiManager Cloud, as well as the security event monitoring and analysis solutions FortiAnalyzer, FortiAnalyzer Cloud, and FortiAnalyzer-BigData, exists due to the lack of measure...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...
Astra Linux - vulnerability in haproxy
An inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by an ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive...
The vulnerability of the Access and Security component of the Oracle Hyperion Data Relationship Management data management application allows an attacker to access protected information.
The vulnerability of the Access and Security component of the Oracle Hyperion Data Relationship Management data management application relates to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to protected...
The vulnerability of the Core server component of the Oracle HTTP Server allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Core server component of Oracle HTTP Server is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP network protocol...
The vulnerability of the Technology Foundation component of the Oracle Project Foundation software, a system for automating business operations in enterprises, allows a perpetrator to gain unauthorized access to the device.
The vulnerability of the Technology Foundation component of the Oracle Project Foundation software in the Oracle E-Business Suite relates to deficiencies in the authentication mechanism. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the...