Lucene search
+L

5916 matches found

NVD
NVD
added 2026/04/01 5:28 p.m.12 views

CVE-2026-20097

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. A...

6.5CVSS0.00549EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.9 views

PT-2026-29547

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests...

9.8CVSS6.2AI score0.00519EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/01 12:0 a.m.20 views

CVE-2024-40489

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests...

0.00519EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.7 views

JeecgBoot 安全漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Versions of JeecgBoot from 3.0.0 to 3.5.3 have security vulnerabilities. These vulnerabilities stem from lax character filtering, which could allow attackers to execute arbitrary code o...

9.8CVSS6.3AI score0.00519EPSS
Exploits0References2
CVE
CVE
added 2026/03/29 5:51 p.m.26 views

CVE-2026-0560

Summary of the vulnerability (CVE-2026-0560): In parisneo/lollms

7.5CVSS7.4AI score0.01765EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/26 6:48 p.m.11 views

GHSA-PWQR-WMGM-9RR8 Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

Summary Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Background This vulnerability is a new variant discovered during research into the "Funky Chunks" HTTP request smuggling techniques: - - The original researc...

7.5CVSS6.1AI score0.0064EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/03/26 3:14 p.m.4 views

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

8.8CVSS6.2AI score0.00453EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:14 p.m.10 views

CVE-2026-26829

A NULL pointer dereference in the safeatou64 function src/misc.c of owntone-server through commit c4d57aa allows attackers to cause a Denial of Service DoS via sending a series of crafted HTTP requests to the server...

7.5CVSS5.8AI score0.00882EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.4 views

CVE-2026-25689

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions,...

6.5CVSS5.8AI score0.00535EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.5 views

CVE-2026-32110

SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and...

8.3CVSS5.9AI score0.00278EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/23 12:0 a.m.6 views

CVE-2026-26829

A NULL pointer dereference in the safeatou64 function src/misc.c of owntone-server through commit c4d57aa allows attackers to cause a Denial of Service DoS via sending a series of crafted HTTP requests to the server...

7.5CVSS5.8AI score0.00882EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.13 views

PT-2026-27147

A NULL pointer dereference in the safe atou64 function src/misc.c of owntone-server through commit c4d57aa allows attackers to cause a Denial of Service DoS via sending a series of crafted HTTP requests to the server...

7.5CVSS5.8AI score0.00882EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/23 12:0 a.m.8 views

Siemens APE1808 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2025-68686)

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypas...

5.9CVSS5.8AI score0.00477EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/03/17 12:16 p.m.3 views

CVE-2026-4271

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

7.5CVSS5.9AI score0.00829EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/03/17 11:14 a.m.30 views

CVE-2026-4271

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

7.5CVSS5.5AI score0.00829EPSS
Exploits1
CNVD
CNVD
added 2026/03/17 12:0 a.m.4 views

Fortinet FortiSandbox Cloud OS Command Injection Vulnerability

Fortinet FortiSandbox Cloud is a malware sandbox analysis platform from US-based Fiat Fortinet. Fortinet FortiSandbox Cloud version 5.0.4 suffers from an OS command injection vulnerability. The vulnerability stems from improper neutralization of special elements in os commands and can be exploite...

7.2CVSS6AI score0.0176EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/13 3:18 p.m.4 views

SUSE CVE-2019-25355

gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal...

8.7CVSS5.8AI score0.01206EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.19 views

PT-2026-25163

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.4.1 Erlang OTP versions 26.2.5.18 and 27.3.4.9 inets versions 5.10 through 9.6.1 inets versions 9.1.0.5 and 9.3.2.3 Description An inconsistent interpretation of HTTP requests, specifically 'HTTP Request...

9.7CVSS7.2AI score0.00528EPSS
Exploits0References59
NVD
NVD
added 2026/03/12 8:16 p.m.6 views

CVE-2026-1525

Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: Applications...

9.8CVSS0.00493EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/11 10:8 a.m.28 views

CVE-2026-1965 bad reuse of HTTP Negotiate connection

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

0.00259EPSS
Exploits0References2
Rows per page
Query Builder