EUVD-2026-38171

Capgo before 12.128.2 contains an authentication bypass vulnerability in the /build/upload/:jobId/ endpoint that allows unauthenticated attackers to trigger consistent 500 errors. Remote attackers can send OPTIONS requests to bypass authentication middleware and invoke tusProxy logic with invalid...

CVE-2026-56299

Capgo before 12.128.2 contains an authentication bypass vulnerability in the /build/upload/:jobId/ endpoint that allows unauthenticated attackers to trigger consistent 500 errors. Remote attackers can send OPTIONS requests to bypass authentication middleware and invoke tusProxy logic with invalid...

GHSA-2JF5-6WWV-VHXX Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods

Summary A vulnerability in the Inngest TypeScript SDK versions 3.22.0 through 3.53.1 allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the serve HTTP handler. The serve handler implements GET, POST, and PUT methods. Requests using PATCH, OPTIONS...

Next.js: HTTP request smuggling in rewrites

Summary When Next.js rewrites proxy traffic to an external backend, a crafted DELETE/OPTIONS request using Transfer-Encoding: chunked could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes. Impact An attacker could...

GHSA-GGV3-7P47-PFV8 Next.js: HTTP request smuggling in rewrites

Summary When Next.js rewrites proxy traffic to an external backend, a crafted DELETE/OPTIONS request using Transfer-Encoding: chunked could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes. Impact An attacker could...

AirPlay RTSP Device Discovery Scanner

The AirPlay RTSP Device Discovery Scanner is a Metasploit auxiliary module designed to safely identify Apple AirPlay-compatible devices by sending a legitimate RTSP OPTIONS request to the default AirPlay service port 7000/TCP. The module performs non-intrusive service fingerprinting only and does...

CVE-2010-0361

Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server aka SJWS 7.0 Update 7 allows remote attackers to cause a denial of service daemon crash and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request...

EUVD-2020-2570

Malware in sbrugna...

EUVD-2006-0744

Malware in sbrugna...

EUVD-2002-2220

Malware in sbrugna...

CVE-2025-54142

Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain Internet standards...

CVE-2025-54142

Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain Internet standards...

Akamai Ghost 环境问题漏洞

Akamai Ghost is an HTTP service program from Akamai Corporation. An environmental issue vulnerability exists in versions of Akamai Ghost prior to 2025-07-21, which stems from an HTTP request smuggling attack that can be performed by an attacker by sending an OPTIONS request with an entity body...

PT-2025-35165

Name of the Vulnerable Software and Affected Versions: Akamai Ghost versions prior to 2025-07-21 Description: Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body. This occurs because a subsequent request can be sent within the persistent...

CVE-2025-54142

CVE-2025-54142 affects Akamai Ghost (versions prior to 2025-07-21). The issue is HTTP Request Smuggling via an OPTIONS request that carries an entity body, enabling a following request on the same persistent connection between an Akamai proxy and an origin server when the origin server violates c...

CVE-2025-54142

Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain Internet standards...

CVE-2025-54142

Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain Internet standards...

CVE-2025-32094

An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can lead to a discrepancy in how two in-path Akamai...

PT-2025-32252 · Akamai · Akamaighost

Name of the Vulnerable Software and Affected Versions: Akamai Ghost versions prior to 2025-03-26 Description: An issue exists in Akamai Ghost, used for the Akamai CDN platform. A client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can...

CVE-2020-10105

An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an attacker to formulate more precise attacks. Source code was disclosed for the file 404.html...