57 matches found
CVE-2026-6276
A flaw was found in libcurl. This vulnerability allows for information disclosure when a custom Host: header is used in an initial HTTP request, and a subsequent request reuses the same connection without specifying a new Host: header. This can lead to libcurl incorrectly sending cookies intended...
Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ
...
CVE-2009-0242
gmetad in Ganglia 3.1.1, when supporting multiple requests per connection on an interactive port, allows remote attackers to cause a denial of service via a request to the gmetad service with a path that does not exist, which causes Ganglia to 1 perform excessive CPU computation and 2 send the...
CVE-2025-41082 HTTP Request/Response Smuggling in Altitude Communication Server
Illegal HTTP request traffic vulnerability CL.0 in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which...
undertow: Improper State Management in Proxy Protocol parsing causes information leakage
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...
EUVD-2025-23834
Malicious code in bioql PyPI...
EUVD-2022-52153
Malicious code in bioql PyPI...
EUVD-2022-5220
Malicious code in bioql PyPI...
undertow: Improper State Management in Proxy Protocol parsing causes information leakage
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...
BIT-SUPERSET-2023-42504 Apache Superset: Lack of rate limiting allows for possible denial of service
An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service. This issue affects Apache Superset: before 3.0.0...
CVE-2024-51557
This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP bombing/flooding on the targeted...
undertow: Improper State Management in Proxy Protocol parsing causes information leakage
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...
undertow: Improper State Management in Proxy Protocol parsing causes information leakage
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...
undertow: Improper State Management in Proxy Protocol parsing causes information leakage
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...
Fuzzing µCOS protocol stacks, Part 2: Handling multiple requests per test case
So far in this series, Ive developed a fuzzer for the µC/HTTP-server. As described in the previous post, this fuzzer reads from a file to enable compatibility with AFL++. That implementation only fuzzes a single request at a time. Although that single request fuzzer uncovered a few security...
DEBIAN-CVE-2024-7885
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...
UBUNTU-CVE-2024-7885
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...
Automattic: Race condition on add 1 free domain
A race condition vulnerability was discovered on the Gravatar platform, which allowed users to bypass the limitation of claiming only one free custom domain. The vulnerability was triggered by creating multiple parallel requests to the public-api.wordpress.com endpoint, where the "meta" parameter...
MAL-2024-5387 Malicious code in multiplerequests (PyPI)
--- -= Per source details. Do not edit below this line.=-...
BIT-MEDIAWIKI-2020-25827
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster such as via CentralAuth, rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across...