Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

20544 matches found

CVE
CVEadded 2026/05/25 2:15 p.m.14 views

CVE-2018-25374

CVE-2018-25374 affects Softneta MedDream PACS Server Premium 6.7.1.1. A directory-traversal vulnerability allows unauthenticated attackers to read arbitrary files by manipulating the path parameter, using requests to nocache.php with encoded backslash sequences. This can expose sensitive files in...

8.7CVSS5.9AI score0.00683EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/25 2:15 p.m.6 views

CVE-2018-25374 Softneta MedDream PACS Server Premium 6.7.1.1 Directory Traversal

Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and acce...

8.7CVSS5.9AI score0.00683EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/25 2:15 p.m.8 views

EUVD-2018-21897

Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and acce...

8.7CVSS5.9AI score0.00683EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/25 2:15 p.m.36 views

CVE-2018-25374 Softneta MedDream PACS Server Premium 6.7.1.1 Directory Traversal

Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and acce...

8.7CVSS0.00683EPSS
Exploits0References3
CVE
CVEadded 2026/05/25 2:15 p.m.13 views

CVE-2018-25365

PCViewer VT1000 is affected by a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests (e.g., ../../../../../../../../../../../../etc/passwd). The root cause is a failure to validate or sanitize path t...

8.7CVSS5.9AI score0.00683EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/05/25 2:15 p.m.6 views

CVE-2018-25365

PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system...

8.7CVSS5.9AI score0.00683EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/25 2:15 p.m.20 views

CVE-2018-25365 PCViewer vt1000 Directory Traversal via GET Request

PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system...

8.7CVSS0.00683EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/25 2:15 p.m.4 views

CVE-2018-25365 PCViewer vt1000 Directory Traversal via GET Request

PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system...

8.7CVSS5.9AI score0.00683EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/25 2:15 p.m.8 views

EUVD-2018-21885

PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system...

8.7CVSS5.9AI score0.00683EPSS
Exploits0References3
CVE
CVEadded 2026/05/25 2:0 p.m.15 views

CVE-2026-47072

CVE-2026-47072 affects hackney versions 2.0.0–4.0.0, where the WebSocket upgrade path is vulnerable to CRLF injection. The upgrade code copies caller-supplied host, path, headers (ExtraHeaders), and protocols options into the internal ws_data structure and then concatenates them into the HTTP/1.1...

7.5CVSS6AI score0.00039EPSS
Exploits1References4Affected Software1
EUVD
EUVDadded 2026/05/25 2:0 p.m.8 views

EUVD-2026-31690

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the interna...

6.9CVSS6AI score0.00039EPSS
Exploits1References4
OSV
OSVadded 2026/05/25 2:0 p.m.5 views

EEF-CVE-2026-47072 CRLF injection in WebSocket upgrade request in hackney

Summary Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the...

6.9CVSS6AI score0.00039EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/05/25 2:0 p.m.8 views

CVE-2026-47072 CRLF injection in WebSocket upgrade request in hackney

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the interna...

6.9CVSS6AI score0.00039EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/05/25 2:0 p.m.8 views

CVE-2026-47072

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the interna...

6.9CVSS6AI score0.00039EPSS
Exploits1References5Affected Software1
Cvelist
Cvelistadded 2026/05/25 2:0 p.m.34 views

CVE-2026-47072 CRLF injection in WebSocket upgrade request in hackney

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the interna...

6.9CVSS0.00039EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/05/25 2:0 p.m.7 views

CVE-2026-47075 CR/LF injection in query parameter in hackney

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

6.8CVSS5.9AI score0.00033EPSS
Exploits1References4
OSV
OSVadded 2026/05/25 2:0 p.m.6 views

EEF-CVE-2026-47075 CR/LF injection in query parameter in hackney

Summary Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the gramma...

6.8CVSS5.9AI score0.00033EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/05/25 2:0 p.m.6 views

CVE-2026-47075

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

6.8CVSS5.9AI score0.00033EPSS
Exploits1References5
CVE
CVEadded 2026/05/25 2:0 p.m.19 views

CVE-2026-47075

CVE-2026-47075 describes a CRLF injection in Hackney’s URL query handling. Hackney does not percent-encode CR/LF characters in the query string before forming the HTTP/1.1 request target, allowing an attacker who controls the URL to inject raw CRLF sequences and potentially perform HTTP header in...

7.5CVSS5.9AI score0.00033EPSS
Exploits1References4Affected Software1
Cvelist
Cvelistadded 2026/05/25 2:0 p.m.35 views

CVE-2026-47075 CR/LF injection in query parameter in hackney

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

6.8CVSS0.00033EPSS
Exploits1References4
Rows per page
Query Builder