CVE-2020-36963 Intelbras Router RF 301K 1.1.2 - Authentication Bypass

Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. Attackers can send a specific HTTP GET request to /cgi-bin/DownloadCfg/RouterCfm.cfg to retrieve sensitive router...

CVE-2026-0919

The HTTP parser of Tapo C210 v3, C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An unauthenticated attacker can...

CVE-2025-41082

Illegal HTTP request traffic vulnerability CL.0 in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which...

PT-2026-4738

Illegal HTTP request traffic vulnerability CL.0 in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which...

EUVD-2026-4601

C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest method. This flaw allows an unauthenticated, remote attacker to read arbitrary files from the server's...

CVE-2026-1328 Totolink NR1800X POST Request cstecgi.cgi setWizardCfg buffer overflow

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279B20210910. Impacted is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack may be initiated remotely. The...

CVE-2025-53912

An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability...

CVE-2025-53912

An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability...

CVE-2025-53912

An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability...

CVE-2025-53912

An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability...

CVE-2025-53912

MedDream PACS Premium 7.3.6.870 is affected by CVE-2025-53912. Cisco Talos details a post-auth arbitrary file read in the encapsulatedDoc functionality, reachable via a specially crafted HTTP request to Pacs/encapsulatedDoc.php where the attacker controls the path parameter (no sanitization). The...

MiracleLinux 8 : nodejs:16 (AXSA:2022-3844:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3844:01 advisory. nodejs-ansi-regex: Regular expression denial of service ReDoS matching ANSI escape codes CVE-2021-3807 nodejs: DNS rebinding in --inspect via invali...

PT-2026-3597

Name of the Vulnerable Software and Affected Versions MedDream PACS Premium version 7.3.6.870 Description An arbitrary file read issue exists in the encapsulatedDoc functionality. A specially crafted HTTP request can lead to unauthorized file access. An attacker can send an HTTP request to the...

MiracleLinux 7 : rh-varnish6-varnish-6.0.8-2.el7.1 (AXSA:2022-3192:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3192:01 advisory. varnish: HTTP/1 request smuggling vulnerability CVE-2022-23959 Tenable has extracted the preceding description block directly from the MiracleLinux security...

CVE-2026-1123 Yonyou KSOA HTTP GET Parameter work_mod.jsp sql injection

A vulnerability was identified in Yonyou KSOA 9.0. Affected is an unknown function of the file /worksheet/workmod.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available an...

Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameter IDs in the component’s HTTP GET Parameter Handler, specifically for...

CVE-2025-14822

Mattermost versions 10.11.x = 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands space-separated tokens...

TMS code-related vulnerabilities

TMS is a channel-based team communication and collaboration tool developed by Weicheng’s individual developers, along with a lightweight task board. Versions of TMS 2.28.0 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect handling of the parameter url in the...

Mattermost is vulnerable to CPU exhaustion via crafted HTTP request

Mattermost versions 10.11.x = 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands space-separated tokens...

EUVD-2026-2917

Mattermost versions 10.11.x = 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands space-separated tokens...