CVE-2026-25631

The CVE-2026-25631 entry concerns n8n’s HTTP Request node credential domain validation. The vulnerability allows an authenticated attacker to send requests with credentials to unintended domains, potentially exfiltrating credentials. It specifically affects users with wildcard domain patterns lik...

CVE-2026-2017

A vulnerability was detected in IP-COM W30AP up to 1.0.0.111340. Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performe...

n8n 输入验证错误漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Prior to version 1.121.0, there was a vulnerability related to input validation errors in n8n. This vulnerability stemmed from improper validation of credentials in the HTTP Request node, allowing authenticated attackers t...

CVE-2026-20123

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the...

PT-2026-6080

Name of the Vulnerable Software and Affected Versions Cisco Meeting Management affected versions not specified Description A flaw exists in the Certificate Management feature that could allow a remote attacker with valid credentials video operator role or higher to upload arbitrary files, execute...

CVE-2026-1801 Libsoup: libsoup: http request smuggling via malformed chunk headers

A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soupfilterinputstreamreadline logic, where libsoup accepts malformed chunk headers, such as lone line feed LF characters instead of the required...

EUVD-2026-5216

A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 web modules may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the...

AZL-77618 CVE-2026-1760 affecting package libsoup 3.0.4-12

A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests,...

CVE-2026-1760 Libsoup: soupserver: denial of service via http request smuggling

A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests,...

EUVD-2026-5105

A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests,...

CVE-2026-1760

A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests,...

CVE-2026-1760

A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests,...

CVE-2021-47921 Free Photo & Video Vault 0.0.2 Directory Traversal Vulnerability via Web Request

Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access...

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to HTTP Request Smuggling vulnerability due to gunicorn

Summary gunicorn is used by IBM watsonx Orchestrate Developer Edition as part of image: wxo-rag-tool Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM watsonx Orchestrate Developer...

CVE-2025-63652

A use-after-free in the mkhttprequestend function mkserver/mkhttp.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

CVE-2025-63651

A use-after-free in the mkstringcharsearch function mkcore/mkstring.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

CVE-2025-63653

An out-of-bounds read in the mkvhostfdtclose function mkserver/mkvhost.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

AZL-76361 CVE-2025-63657 affecting package fluent-bit 3.1.10-4

An out-of-bounds read in the mkmimetypefind function mkserver/mkmimetype.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

AZL-76389 CVE-2025-63656 affecting package fluent-bit 3.0.6-6

An out-of-bounds read in the headercmp function mkserver/mkhttpparser.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

CVE-2025-63657

An out-of-bounds read in the mkmimetypefind function mkserver/mkmimetype.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...