CVE-2026-2862 Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive...

CLSA-2026-1775062103 squid34: Fix of 2 CVEs

CVE-2026-33526: fix heap Use-After-Free in ICP traffic handling causing DoS - CVE-2026-32748: fix HttpRequest lifetime in ICP v3 queries preventing Use-After-Free DoS...

PT-2026-29548

A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request...

ROS-20260401-73-0046

The server vulnerability for python Waitress is related to a flaw in HTTP request handling. Exploitation of the vulnerability allows an attacker acting remotely to impact data integrity...

CVE-2024-43028

CVE-2024-43028 is a reported command-injection vulnerability in the Jeecg Boot platform, affecting the /jmreport/show component from v3.0.0 to v3.5.3. The issue allows an attacker to execute arbitrary code via a crafted HTTP request, with network access (no authentication) required. The CVSS v3.1...

CLSA-2026-1774947708 squid: Fix of 3 CVEs

CVE-2026-33526: fix heap Use-After-Free in ICP traffic handling causing DoS - CVE-2026-33515: fix out-of-bounds read in ICP message handling leaking sensitive information - CVE-2026-32748: fix HttpRequest lifetime in ICP v3 queries preventing Use-After-Free DoS...

HTTP Request Smuggling

Overview io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to HTTP Request Smuggling via discrepancies in the parsing of HTTP header names. An attacker can bypass security controls and access unauthorized resources by sending...

CVE-2026-33559

WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/editing privilege can embed some malicious script with a crafted HTTP request. When a victim user...

📄 Generic HTTP Command Execution

This Metasploit module interacts with existing command execution functionality on a target system, where user-supplied input is directly passed to system execution functions via a HTTP request. This could be from an existing vulnerability, or uploaded webshells. It is likely that HTTP evasion...

CVE-2026-30578

File Thinghie 2.5.7 is vulnerable to Cross Site Scripting XSS. A malicious user can leverage the "dir" parameter of the GET request to invoke arbitrary javascript code...

HTTP Request Smuggling

Next.js is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of Transfer-Encoding: chunked and Content-Length headers during proxy rewrites, which allows an attacker to craft malicious DELETE/OPTIONS requests and smuggle unauthorized requests to unintended backen...

EUVD-2025-209016

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...

SUSE-SU-2026:1030-1 Security update for salt

This update for salt fixes the following issues: - Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header parameter parsing algorithm bsc1254904...

IBM InfoSphere Information Server 安全漏洞

IBM InfoSphere Information Server is IBM's enterprise-class data integration platform for data quality management and ETL processing. An information disclosure vulnerability exists in IBM InfoSphere Information Server that stems from a query string of an HTTP GET request that could expose sensiti...

PT-2026-27769

A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmware 33.1.0.0818 allows unauthenticated attackers within network range to overwrite the instruction pointer and achieve Remote Code Execution RCE by sending a specially crafted HTTP request...

Multiple vulnerabilities in Xerox FreeFlow Core (XRX26-005)

Overview Xerox FreeFlow Core contains multiple vulnerabilities listed below. Path traversal CWE-22 - CVE-2026-2251 XML external entity reference XXE CWE-611 - CVE-2026-2252 FUJIFILM Business Innovation Corp. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN...

PT-2026-27112

An unauthenticated credential disclosure vulnerability in the /goform/ate endpoint of Nexxt Solutions Nebula 300+ firmware through Nebula300+ v12.01.01.37 allows an adjacent attacker to obtain the administrator password in Base64-encoded form via a crafted HTTP request. The recovered credential c...

PT-2026-26786

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo, an open source video platform, contains an unauthenticated server-side request forgery SSRF vulnerability in the plugin/Live/test.php file. This allows a remote user to make the AVid...

TRENDnet TEW-632BRP Buffer Overflow Vulnerability

The TRENDnet TEW-632BRP is a wireless router from TRENDnet. A buffer overflow vulnerability exists in the TRENDnet TEW-632BRP. The vulnerability is caused due to a lack of bounds checking in the user-controlled pingipadder parameter in the HTTP POST request handler of the /pingresponse.cgi...

CVE-2026-29057 Next.js: HTTP request smuggling in rewrites

Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites proxy traffic to an external backend, a crafted DELETE/OPTIONS request using Transfer-Encoding: chunked could trigger request boundary...