Lucene search
K

348 matches found

EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42644

Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based buffer overflow in the RTSP service. The device fails to validate the length of the clock= value in the Range header field when processing a PLAY request. An unauthenticated remote attacker who has completed a standard RTSP session handsha...

6.4AI score0.0041EPSS
Exploits0References2
NVD
NVD
added 5 days ago8 views

CVE-2026-51601

Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based buffer overflow in the RTSP service. The device fails to validate the length of the clock= value in the Range header field when processing a PLAY request. An unauthenticated remote attacker who has completed a standard RTSP session handsha...

7.5CVSS0.0041EPSS
Exploits0References1
CVE
CVE
added 5 days ago8 views

CVE-2026-51601

The CVE describes a stack-based buffer overflow in the RTSP service of Tenda CP3 V3.0 firmware (version V31.1.9.91). The flaw arises from insufficient validation of the clock= value in the Range header during a PLAY request, enabling an unauthenticated remote attacker who has completed a standard...

7.5CVSS6.4AI score0.0041EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-51601

Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based buffer overflow in the RTSP service. The device fails to validate the length of the clock= value in the Range header field when processing a PLAY request. An unauthenticated remote attacker who has completed a standard RTSP session handsha...

0.0041EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 6 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-58470

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows...

6.9CVSS6.3AI score0.00247EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added last week4 views

CVE-2026-58470

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS6.1AI score0.00247EPSS
Exploits0References2
OSV
OSV
added last week5 views

CVE-2026-58470 GNU Wget 1.25.0 Integer Overflow via Content-Range Header Parsing

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS6.1AI score0.00247EPSS
Exploits0References5
Cvelist
Cvelist
added last week39 views

CVE-2026-58470 GNU Wget 1.25.0 Integer Overflow via Content-Range Header Parsing

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS0.00247EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added last week4 views

CVE-2026-58470

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS6.1AI score0.00247EPSS
Exploits0References3
CVE
CVE
added last week16 views

CVE-2026-58470

GNU Wget 1.25.0 and earlier is affected by an integer overflow in parse_content_range() (src/http.c) triggered by server-controlled Content-Range headers, leading to undefined behavior and download desynchronization. The issue is fixed in commit 43d3ba9, and users should upgrade to a version that...

6.9CVSS6.1AI score0.00247EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added last week5 views

EUVD-2026-42082

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS6.1AI score0.00247EPSS
Exploits0References2
Debian CVE
Debian CVE
added last week3 views

CVE-2026-58470

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS6.1AI score0.00247EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.6 views

PT-2026-56239

Name of the Vulnerable Software and Affected Versions GNU Wget versions prior to 1.25.0 commit 43d3ba9 Description An integer overflow occurs in the parse content range function within src/http.c. This issue allows server-controlled values to cause signed integer arithmetic to overflow. An attack...

7.1CVSS6.2AI score0.00247EPSS
Exploits0References14
OSV
OSV
added 2026/06/17 8:36 a.m.2 views

SUSE-SU-2026:22151-1 Security update for python-starlette

This update for python-starlette fixes the following issues - CVE-2025-54121: denial-of-service when parsing a multi-part form with large files bsc1246855. - CVE-2025-62727: DoS via Range header merging bsc1252805. - CVE-2026-48710: Missing Host header validation poisons request.url.path, bypassi...

7.5CVSS6.1AI score0.01438EPSS
Exploits2References7
OSV
OSV
added 2026/06/17 8:36 a.m.2 views

OPENSUSE-SU-2026:20975-1 Security update for python-starlette

This update for python-starlette fixes the following issues - CVE-2025-54121: denial-of-service when parsing a multi-part form with large files bsc1246855. - CVE-2025-62727: DoS via Range header merging bsc1252805. - CVE-2026-48710: Missing Host header validation poisons request.url.path, bypassi...

7.5CVSS6.1AI score0.01438EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.11 views

EulerOS 2.0 SP11 : libsoup (EulerOS-SA-2026-2213)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in th...

9.1CVSS6.5AI score0.0043EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Ruby-Rack

A denial-of-service vulnerability exists in the Range header parsing component of Rack, version 1.5.0 and later. A carefully crafted input can cause the Range header parsing component in Rack to take an unexpectedly long time, potentially leading to a denial-of-service attack. Any applications th...

7.5CVSS6.6AI score0.01626EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Ruby-Rack

Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the Rack::File middleware or the...

7.5CVSS6.5AI score0.01612EPSS
Exploits1References2
OSV
OSV
added 2026/05/07 7:22 a.m.5 views

SUSE-SU-2026:1745-1 Security update for rmt-server

This update for rmt-server fixes the following issues: Update to version 2.27. Security issues fixed: - CVE-2026-26961: rack: greedy multipart boundary parsing can lead to parser differentials and WAF bypass bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can le...

7.5CVSS5.8AI score0.0043EPSS
Exploits0References21
OSV
OSV
added 2026/04/22 10:57 a.m.9 views

CLSA-2026-1776855452 libsoup: Fix of 2 CVEs

CVE-2026-1801: use CRLF as line boundary when parsing chunked encoding data to prevent HTTP request smuggling via lone LF - CVE-2026-2443: reject Range header ends exceeding content length to prevent out-of-bounds read in byte range handling...

6.5CVSS5.8AI score0.0043EPSS
Exploits0References1
Rows per page
Query Builder