Lucene search
K

12641 matches found

OSV
OSV
added 2025/07/10 8:15 p.m.1 views

DEBIAN-CVE-2025-53629

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This vulnerability is fixed in 0.23.0. NOTE: Th...

7.5CVSS5.2AI score0.00505EPSS
Exploits1References1
OSV
OSV
added 2025/07/10 8:15 p.m.2 views

DEBIAN-CVE-2025-53506

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1...

7.5CVSS8.5AI score0.01898EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/07/10 7:46 p.m.5 views

CVE-2025-53629

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This vulnerability is fixed in 0.23.0. NOTE: Th...

7.5CVSS5.2AI score0.00505EPSS
Exploits1
CVE
CVE
added 2025/07/10 7:46 p.m.28 views

CVE-2025-53629

CVE-2025-53629 affects cpp-httplib (C++11 single-file header-only HTTP/HTTPS library). Prior to version 0.23.0, handling of incoming requests with Transfer-Encoding: chunked could allocate memory arbitrarily on the server, risking memory exhaustion. The vulnerability is fixed in 0.23.0. Related C...

7.5CVSS6.3AI score0.00505EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/07/10 7:46 p.m.4 views

CVE-2025-53629 cpp-httplib Unbounded Memory Allocation in Chunked/No-Length Requests Vulnerability

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This vulnerability is fixed in 0.23.0. NOTE: Th...

7.5CVSS6.4AI score0.00505EPSS
Exploits1References5
OSV
OSV
added 2025/07/10 5:15 p.m.1 views

DEBIAN-CVE-2025-49630

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in modproxyhttp2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with...

7.5CVSS7.2AI score0.01149EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.7 views

Wing FTP Server 安全漏洞

Wing FTP Server is a set of cross-platform FTP server software open-sourced by Wing FTP Server. A security vulnerability exists in Wing FTP Server versions prior to 7.4.4, which originates from loginok.html disclosing the local installation path...

10CVSS9AI score0.95343EPSS
Exploits24References4
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.2 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect size of the completion result of the management command in virtio-pci, which could lead to...

5.5CVSS8AI score0.0012EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/07/10 12:0 a.m.8 views

PT-2025-33589

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a memory leak in the atm subsystem related to the clip vcc structure. The ioctlATMARPD CTRL function in atm init atmarp sets vcc-push to NULL, which prevents...

5.5CVSS6.5AI score0.00149EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2025/07/10 12:0 a.m.18 views

CVE-2025-47812

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service root or SYSTEM by default. This is thu...

10CVSS6.7AI score0.95343EPSS
In wildExploits23References8
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.1 views

cpp-httplib 安全漏洞

cpp-httplib is an HTTP/HTTPS server and client library written in C++ by the individual developer yhirose. A security vulnerability exists in cpp-httplib versions prior to 0.23.0, which stems from a Transfer-Encoding: chunked header that could cause the server to run out of memory...

7.5CVSS6.4AI score0.00505EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.3 views

Apache Tomcat 资源管理错误漏洞

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server . Used to implement the Servlet and JavaServer Page JSP support. Apache Tomcat has a Resource Management Error vulnerability that originates from an HTTP/2 client not acknowledging the initial setu...

7.5CVSS7.8AI score0.01898EPSS
Exploits0References4
OSV
OSV
added 2025/07/09 11:15 a.m.11 views

AZL-70433 CVE-2025-38264 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling Validate the request in nvmetcphandler2t to ensure it's not part of any list, otherwise a malicious R2T PDU might inject a loop in request list processing...

5.5CVSS5.6AI score0.00136EPSS
Exploits0References1
OSV
OSV
added 2025/07/09 11:15 a.m.6 views

AZL-72790 CVE-2025-38251 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: atm: clip: prevent NULL deref in clippush Blamed commit missed that vccdestroysocket calls clippush with a NULL skb. If clipdevs is NULL, clippush then crashes when reading skb-truesize...

5.5CVSS6.8AI score0.00146EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/08 12:0 a.m.5 views

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a memory corruption when copying results in a transfer queue shared between a virtual machine and a host...

7.8CVSS6.9AI score0.00082EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/08 12:0 a.m.5 views

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption when copying results to the transfer queue in EMAC...

7.8CVSS6.8AI score0.00082EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/07/07 8:44 a.m.7 views

kernel: net: atm: fix use after free in lec_send()

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lecsend The -send operation frees skb so save the length before calling -send to avoid a use after free...

7.8CVSS6.8AI score0.00181EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2025/07/07 12:0 a.m.116 views

📄 Wing FTP Server NULL-byte Authentication Bypass

Wing FTP Server allows arbitrary Lua code injection via a NULL-byte %00 truncation bug CVE-2025-47812. Supplying %00 as the username makes the C++ authentication routine validate only the prefix, while the full string is written unfiltered into the session file and later executed with root/SYSTEM...

10CVSS8.4AI score0.95343EPSS
Exploits23
Metasploit
Metasploit
added 2025/07/06 6:55 p.m.415 views

TFTP Fetch

Fetch and execute an x64 payload from a TFTP server. Module Options msf use payload/cmd/linux/tftp/x64/sethostname msf payloadsethostname show actions ...actions... msf payloadsethostname set ACTION msf payloadsethostname show options ...show and set options... msf payloadsethostname run This...

5.8AI score
Exploits0
Gitee
Gitee
added 2025/07/06 3:21 a.m.125 views

Pentest-and-Development-Tips

Pentest-and-Development-Tips A collection of pentest and development tips Author: 3gstudent Click on me to view the English version 声明 以下技巧不应用于非法用途 --- Tips 1. 手动端口探测 nmap的-sV可以探测出服务版本,但有些情况下必须手动探测去验证 使用Wireshark获取响应包未免大材小用,可通过nc简单判断 eg. 对于8001端口,nc连接上去,随便输入一个字符串,得到了以下结果: $ nc -vv localhost 8001...

7.4AI score
Exploits0
Rows per page
Query Builder