19028 matches found
DEBIAN-CVE-2026-5440
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
CVE-2026-5440
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
CVE-2026-5440
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
UBUNTU-CVE-2026-5440
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
CVE-2026-5440
CVE-2026-5440 describes a memory exhaustion vulnerability in an HTTP server caused by unbounded handling of the Content-Length header. The server allocates memory directly based on the attacker-supplied Content-Length value, without an upper limit, so a crafted request with a very large Content-L...
CVE-2026-5440 Memory Exhaustion via Unbounded Content-Length
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
EUVD-2026-20862
A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru leads to os command injection. Remote exploitation of the attack is possible...
Tenda CH22 路径遍历漏洞
Tenda CH22 is a network device produced by the Chinese company Tenda. The version Tenda CH22 1.0.0.6468 contains a path traversal vulnerability. This vulnerability stems from a path traversal issue within the R7WebsSecurityHandler function in the httpd component, which may lead to path traversal...
Orthanc 安全漏洞
Orthanc is a free open-source software developed by the Orthanc company. Orthanc has a security vulnerability, which stems from the HTTP server’s unlimited use of the Content-Length header, leading to a memory exhaustion issue. This vulnerability may cause excessive memory allocation and...
Cisco IOS Software HTTP Server DoS (cisco-sa-ios-http-dos-sbv8XRpL)
According to its self-reported version, Cisco IOS is affected by a vulnerability. - A denial of service DoS vulnerability exists in Cisco IOS Software due to improper validation of user-supplied input. An authenticated remote attacker can exploit this issue, via sending malformed HTTP requests to...
CVE-2026-5795
In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals. A subsequent reques...
EUVD-2026-20263
Cross-Site Request Forgery CSRF vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server.This issue affects SpicePress: from n/a through = 2.3.2.5...
CVE-2026-39620
Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through = 3.5.5...
WordPress plugin Busiprof 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-35471
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, tdeleteFile missing return after path traversal check. This vulnerability is fixed in 2.0.0-beta.3...
CVE-2026-34045 Podman Desktop WebView Server Exposed
Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman Desktop allows any network attacker to remotely trigger denial-of-service conditions and extract sensitive information. By abusing missing connection...
GO-2026-4879 Local Incus UI web server vulnerable to nuthentication bypass in github.com/lxc/incus
Local Incus UI web server vulnerable to nuthentication bypass in github.com/lxc/incus...
CVE-2021-4473
CVE-2021-4473 affects the Tianxin Internet Behavior Management System. A command-injection flaw exists in the Reporter component endpoint, allowing unauthenticated attackers to supply an objClass parameter containing shell metacharacters and output redirection to execute arbitrary commands. This ...
Podman Desktop 资源管理错误漏洞
Podman Desktop is an open-source container management tool developed by podman-desktop. Versions of Podman Desktop prior to 1.26.2 contained a resource management vulnerability. This vulnerability stemmed from an unverified HTTP server that lacked connection limits and timeout mechanisms, which...
SUSE CVE-2026-33032
Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP Model Context Protocol integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication AuthRequired middleware, the /mcpmessage endpoi...