656 matches found
CVE-2022-50977 Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated configuration preset change via HTTP
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP...
CVE-2022-50977
The CVE-2022-50977 issue affects Innomic VibroLine VLX and avibia AVLX devices, allowing an unauthenticated remote attacker to switch between multiple configuration presets via HTTP, potentially disrupting operations. The root cause is unauthenticated HTTP access enabling preset changes, with a h...
EUVD-2022-55954
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: weldr-client (UTSA-2026-005216)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005216 advisory. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is us...
CVE-2025-63649
An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server...
PT-2026-5333
An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server...
RLSA-2026:1374 Moderate: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
CVE-2026-22263 Suricata http1: quadratic complexity in headers parsing over multiple packets
Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed vulnerabilities in Oracle Enterprise Manager Base Platform and Oracle Application Testing Suite. The vulnerabilities allow unauthenticated attackers to gain unauthorized access, or can lead to a partial denial-of-service over HTTP. Oracle has released updates to fix the...
CVE-2026-21970
Vulnerability in the Oracle Life Sciences Central Designer product of Oracle Health Sciences Applications (component: Platform). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Life...
CVE-2026-21973
Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Security Management System). Supported versions that are affected are 14.5.0.15.0, 14.7.0.8.0 and 14.8.0.1.0. Easily exploitable vulnerability allows low privileged attacker with...
Oracle Supply Chain security vulnerabilities
Oracle Supply Chain is a supply chain solution developed by Oracle Corporation in the United States. This product offers features such as value chain planning, value chain execution, and product lifecycle management. The version 9.3.6 of Oracle Agile PLM in Oracle Supply Chain contains a security...
MiracleLinux 8 : haproxy-1.8.23-3.el8 (AXSA:2020-267:02)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-267:02 advisory. haproxy: HTTP request smuggling issue with transfer-encoding header containing an obfuscated chunked value (CVE-2019-18277) haproxy: HTTP/2...
UBUNTU-CVE-2026-22776
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies (Content-Encoding: gzip, br, etc.). The library validates the...
CVE-2021-22766
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet...
CVE-2021-2375
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). Supported versions that are affected are 9.2.5.3 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne...
CVE-2021-2029
Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting...
CVE-2025-15008 Tenda WH450 HTTP Request L7Port stack-based overflow
A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now publ...
curl: Unbounded memory consumption via compressed HTTP responses (gzip/brotli/zstd)
During a review of curl's handling of response decompression, it was noticed that no limit exists on the final uncompressed data volume from compressed HTTP replies. Instead of setting constraints, the current design allows indefinite expansion during processing. This absence of limits could lead...
USN-7932-1 libsoup3 vulnerability
It was discovered that libsoup incorrectly handled memory when handling specific HTTP/2 read and cancel sequences. An attacker could possibly use this issue to cause a denial of service...