21 matches found
CVE-2026-44441
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 15.106.0 and 16.16...
CVE-2026-32031
OpenClaw versions prior to 2026.2.26 server-http contains an authentication bypass vulnerability in gateway authentication for plugin channel endpoints due to path canonicalization mismatch between the gateway guard and plugin handler routing. Attackers can bypass authentication by sending reques...
CVE-2026-31878 Frappe: Possible SSRF by any authenticated user
Frappe is a full-stack web application framework. Prior to 14.100.1, 15.100.0, and 16.6.0, a malicious user could send a crafted request to an endpoint which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 14.100.1, 15.100.0, and 16.6...
EUVD-2002-2384
Malware in sbrugna...
EUVD-2018-15101
Malware in sbrugna...
Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF006
Summary: In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF006 addresses the following vulnerabilities. Vulnerability Details: CVEID: CVE-2024-47081. DESCRIPTION: Requests is an HTTP library. Due to a URL parsing issue, Request...
Security Bulletin: Vulnerability within WebSphere Application and IBM HTTP Server, affect IBM Tivoli Monitoring.
Summary: Vulnerability within WebSphere Application and IBM HTTP Server, which is included as part of the IBM Tivoli Monitoring (ITM) portal server, has been remediated. Vulnerability Details: CVEID: CVE-2025-36038. DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to...
CVE-2025-46569 OPA server Data API HTTP path injection of Rego
Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a singl...
CVE-2025-1385
When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...
Linux Distros Unpatched Vulnerability : CVE-2024-21647
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer...
CVE-2023-26104
All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI function is unable to parse...
Amazon Linux 2 : golang, golang-bin, golang-misc (ALAS-2023-1926)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1926 advisory. An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries ...
GHSA-XRJJ-MJ9H-534M golang.org/x/net/http2 vulnerable to possible excessive memory growth
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to HTTP Parameter Override discovered in MDM User Interface (CVE-2016-9717)
Summary: IBM InfoSphere Master Data Management is vulnerable to an HTTP Parameter Override, which may produce anomalous behavior in the application that can potentially be exploited. Vulnerability Details: CVEID: CVE-2016-9717. DESCRIPTION: HTTP Parameter Override is identified in IBM InfoSphere...
RedHat Update for httpd RHSA-2017:1721-01
The remote host is missing an update for the...
F5 BigIP HTTP Virtual Server Scanner
This module scans for BigIP HTTP virtual servers using banner grabbing. The BigIP system uses different HTTP profiles for managing HTTP traffic, and these profiles allow customizing the string used as the Server HTTP header. The default values are "BigIP" or "BIG-IP" depending on the BigIP system version...
Mozilla Firefox 3.5 (Font tags) Remote Heap Spray Exploit (pl)
Exploit for windows platform in category remote exploits. Mozilla Firefox 3.5 Font tags Remote Heap Spray Exploit pl. FireFox 3.5 Heap Spray Discovered by: Simon Berry-Bryne...
CVE-2007-4337
Multiple buffer overflows in the httplib_parse_sc_header function in lib/http.c in Streamripper before 1.62.2 allow remote attackers to execute arbitrary code via long (1) Location and (2) Server HTTP headers, a different vulnerability than CVE-2006-3124...
CVE-2004-2582
Novell iChain 2.3 includes the build number in the VIA line of the proxy server's HTTP headers, which allows remote attackers to obtain sensitive information...
MDG Web Server 4D 3.6 - HTTP Command Buffer Overflow
// source: https://www.securityfocus.com/bid/7479/info A buffer overflow vulnerability has been reported for MDG Web Server. The vulnerability exists when the web server attempts to process overly long HTTP requests. Specifically, when the web server processes a malformed HTTP request of excessiv...