Prometheus exporter process crash via malformed HTTP request

Summary A single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid URI causes an uncaught TypeError that terminates the process. You...

GHSA-Q7RR-3CGH-J5R3 Prometheus exporter process crash via malformed HTTP request

Summary A single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid URI causes an uncaught TypeError that terminates the process. You...

EUVD-2019-8539

Malware in sbrugna...

EUVD-2002-0868

Malware in sbrugna...

EUVD-2001-0108

Malware in sbrugna...

EUVD-2018-19160

Malware in sbrugna...

EUVD-2002-1539

Malware in sbrugna...

EUVD-2023-42251

Malicious code in bioql PyPI...

EUVD-2024-46146

Malicious code in bioql PyPI...

CVE-2025-48879 OctoPrint Vulnerable to Denial of Service through malformed HTTP request

OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken...

CVE-2025-48879 OctoPrint Vulnerable to Denial of Service through malformed HTTP request

OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken...

CVE-2024-52558

The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program...

CVE-2012-4689

Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service daemon crash via a malformed HTTP request...

CVE-2024-52558

The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program...

CVE-2024-52558 Planet Technology Planet WGS-804HPT Integer Underflow

The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program...

CVE-2024-37040

CVE-2024-37040 is associated with Schneider Electric Sage RTU devices. The vulnerability stems from a buffer copy without checking input size in the web interface, described as a classic Buffer Overflow (CWE-120). A malformed HTTP request could cause a fault in the device. Connected sources corro...

CVE-2023-38434

xHTTP 72f812d has a double free in closeconnection in xhttp.c via a malformed HTTP request method...

CVE-2023-38434

xHTTP 72f812d has a double free in closeconnection in xhttp.c via a malformed HTTP request method...

Tenda N300 F3 12.01.01.48 Header Processing

!/usr/bin/python3 Exploit Title: Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing Shodan Dork: http.favicon.hash:-2145085239 http.title:"Tenda | LOGIN" Date: 09/03/2023 Exploit Author: @h454nsec Github: https://github.com/H454NSec/CVE-2020-35391 Vendor Homepage:...

SUSE CVE-2011-3348

The modproxyajp module in the Apache HTTP Server before 2.2.21, when used with modproxybalancer in certain configurations, allows remote attackers to cause a denial of service temporary "error state" in the backend server via a malformed HTTP request...