1151 matches found
CVE-2025-11149
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...
node-static Security Vulnerability
node-static is an RFC 2616-compliant HTTP static file server module with built-in caching by Alexis Sellier, an individual developer. A security vulnerability exists in node-static that stems from an uncaught user input exception containing a null byte, which could cause the server to crash...
PT-2025-40035
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...
NewStart CGSL MAIN 6.06 : python3@11 Vulnerability (NS-SA-2025-0238)
The remote NewStart CGSL host, running version MAIN 6.06, has python3@11 packages installed that are affected by a vulnerability: - An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the...
AZL-68073 CVE-2025-9648 affecting package ceph for versions less than 18.2.2-11
A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...
CVE-2025-9648
A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...
AZL-68085 CVE-2025-9648 affecting package ceph for versions less than 16.2.10-10
A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...
CVE-2025-9648
A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...
UBUNTU-CVE-2025-9648
A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...
CVE-2025-9648
CVE-2025-9648 affects the CivetWeb library; the issue is in mg_handle_form_request where a specially crafted HTTP POST containing a null byte in the payload can cause an infinite loop during form data parsing, leading to CPU exhaustion and DoS. The description notes the issue only impacts the lib...
Improper Neutralization of Null Byte or NUL Character
Overview: Affected versions of this package are vulnerable to Improper Neutralization of Null Byte or NUL Character due to improper handling of unexpected conditions in the function mg_handle_form_request. An attacker can cause the application to become unresponsive or crash by sending specially...
CVE-2025-9648 Denial of Service in CivetWeb
A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...
CivetWeb Security Vulnerability
CivetWeb is an easy-to-use, powerful, C/C++-embeddable open source web server with optional CGI, SSL and Lua support. A security vulnerability exists in CivetWeb that stems from the mg_handle_form_request function entering an infinite loop when parsing a specially crafted HTTP POST...
PT-2025-39825
Name of the Vulnerable Software and Affected Versions: CivetWeb versions prior to 1.08. Description: A flaw in the mg_handle_form_request function within the CivetWeb library can be exploited to cause a denial of service (DoS) condition. Sending a specially crafted HTTP POST request with a null byte i...
PT-2025-39870
CVE-2025-9648: HIGH Beware! CivetWeb library vulnerability CVE-2021-4582 can lead to DoS attacks. Attackers exploiting null byte in POST requests may exhaust CPU. Update to commit 782e189.cve,CVE-2025-9648,cybersecurity https://t.co/koJeq5FxM4 https://t.co/uZhbbft0GF...
CVE-2025-55113
If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVAAR setting in newer versions), the verification stop...
Unspecified Vulnerability in BMC Control-M
BMC Control-M is an application from BMC Corporation that simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M that originates when an email address in a client certificate stops validating when it encounters a NULL byte, whi...
Exploit for Code Injection in Rejetto Http_File_Server
CVE-2014-6287 - Rejetto HTTP File Server RCE Exploit !Rust...