19026 matches found
CVE-2026-33256
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-33256 Unbounded memory allocation by internal web server
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
PT-2026-34324
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is...
HTTP Chunked Encoding Behavior Analyzer
This script is a security analysis tool designed to test how a web server (such as Kestrel-based applications) handles HTTP requests using chunked transfer encoding...
Linux Distros Unpatched Vulnerability : CVE-2026-33260
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server i...
PT-2026-34320
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
PT-2026-34321
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is...
EUVD-2026-24375
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. While...
Exploit for Improper Input Validation in Apache Tomcat
No d...
EUVD-2025-209541
HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...
EUVD-2026-24086
FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess function where GraphQL mutation input fields are passed directly to shell_exec without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL...
CVE-2026-40520
FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess function where GraphQL mutation input fields are passed directly to shell_exec without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL...
CVE-2026-34839
A flaw was found in Glances, an open-source system monitoring tool. The Glances web server's REST API, accessible without authentication, has a permissive Cross-Origin Resource Sharing (CORS) policy. This vulnerability allows a malicious website to read sensitive system information from a running...
CVE-2025-13826
Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is...
EUVD-2025-209536
Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is...
CVE-2025-13826 Incorrect input validation on the Zervit portable HTTP/Web server
Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is...
PT-2026-33931
FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess function where GraphQL mutation input fields are passed directly to shell_exec without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL...