Security Bulletin: Netty Vulnerability Affects IBM Watson Machine Learning on CP4D (CVE-2021-21295)

Summary Netty is vulnerable to HTTP request smuggling, caused by improper validation of Content-Length header by the Http2MultiplexHandler on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID:CVE-2024-12798 DESCRIPTION: ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-cor...

CVE-2026-23527

H3 is a minimal HTTP framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this heade...

CVE-2025-64092

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database...

CVE-2025-66698

An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a crafted HTTP request to various API endpoints...

SAP Identity Management 安全漏洞

SAP Identity Management is a suite of identity management applications from SAP Germany that can be embedded into business processes. A security vulnerability exists in SAP Identity Management that stems from insufficient input processing and could cause an authenticated administrator to submit a...

CVE-2025-29329

Buffer Overflow in the ippprint Internet Printing Protocol service in Sagemcom F@st 3686 MAGYAR4.121.0 allows remote attacker to execute arbitrary code by sending a crafted HTTP request...

CVE-2025-29329

Buffer Overflow in the ippprint Internet Printing Protocol service in Sagemcom F@st 3686 MAGYAR4.121.0 allows remote attacker to execute arbitrary code by sending a crafted HTTP request...

CVE-2025-29329

CVE-2025-29329 affects the Sagemcom F@st 3686 ippprint service. A buffer overflow in the ippprint HTTP handling leads to remote code execution via a crafted HTTP request, affecting MAGYAR_4.121.0 and similar builds. Evidence from multiple sources confirms the vulnerability in the ippprint compone...

CVE-2025-67278

An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request...

CVE-2018-1000208

MODX Revolution version =2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have been fixed in pull 139...

CVE-2021-31227

An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length,...

CVE-2021-22934

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request...

CVE-2023-25104

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

CVE-2022-23447

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-22 in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an...

PT-2026-1874

Name of the Vulnerable Software and Affected Versions TIM BPM Suite & TIM FLOW versions prior to 9.1.2 Description An issue in TIM BPM Suite & TIM FLOW allows a remote attacker to escalate privileges via a crafted HTTP request. Recommendations Update to version 9.1.2 or later...

CVE-2025-67278

TIM BPM Suite and TIM FLOW versions prior to 9.1.2 are affected by a vulnerability that lets a remote attacker escalate privileges via a crafted HTTP request. The issue is documented across multiple sources (NVD, Red Hat, CNNVD) with a fix only noted as upgrading to 9.1.2 or later. The exact root...

CVE-2026-0731

A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-22230 OPEXUS eCASE Audit incorrect access control

OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0...

CVE-2025-67397

An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection...

Security Bulletin: IBM Event Endpoint Management is affected by multiple vulnerabilities.

Summary IBM Event Endpoint Management is affected by multiple vulnerabilities. Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions...