Lucene search
K

170 matches found

OSV
OSV
added last week3 views

DEBIAN-CVE-2026-58058

Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6getdataprimitive libnetutil/netutil.cc, so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a craft...

6.9CVSS5.9AI score0.00278EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 12:8 p.m.2 views

SUSE-SU-2026:2487-1 Security update for rmt-server

This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471. -...

7.5CVSS5.9AI score0.0043EPSS
Exploits0References22
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Ruby-Rack

Rack is a modular Ruby web server interface. Carefully crafted headers may cause header parsing in Rack to take longer than expected, potentially leading to a denial-of-service issue. The Accept and Forwarded headers are affected. Ruby 3.2 includes fixes for this problem, so Rack applications tha...

7.5CVSS6.1AI score0.01996EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/17 3:45 p.m.9 views

netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers

A flaw was found in the Netty HAProxy PROXY protocol v2 codec. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy PROXY protocol v2 header with nested PP2TYPESSL type-length-value TLV records. This can lead to a memory leak, causing the underlying cumulation...

8.7CVSS5.6AI score0.0059EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/15 2:36 p.m.7 views

CVE-2026-12043

A flaw was found in the AWS Common Runtime aws-c-http library. A remote attacker, by operating a malicious server, could send a crafted sequence of HTTP/2 HEADERS frames that improperly handle HPACK dynamic table size updates. This could lead to memory corruption on a connecting client applicatio...

8.8CVSS5.7AI score0.00351EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 12:31 a.m.11 views

EUVD-2026-35908

JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Combined with Jackson's default bean deserialization, a producer could supply crafted...

8.1CVSS5.6AI score0.00489EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/15 9:35 a.m.141 views

Exploit for CVE-2026-8181

EN: Controlled PoC and brief technical notes for authorized secu...

9.8CVSS5.7AI score0.14608EPSS
Exploits10
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.10 views

CVE-2026-42355

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive ASAR parser in NanaZip. When opening a crafted .asar file with deeply nested JSON in the header, both nlohmann::json::parse and the handler's...

5.5CVSS5.8AI score0.00111EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.16 views

PT-2026-40355

Name of the Vulnerable Software and Affected Versions NanaZip versions 5.0.1252.0 through 6.0.1697.0 Description An uncontrolled recursion issue exists in the Electron Archive ASAR parser. When opening a specially crafted .asar file containing deeply nested JSON in the header, the...

5.5CVSS5.8AI score0.00111EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/24 7:19 p.m.13 views

Server-side Request Forgery (SSRF)

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the AxiosHeaders normalization path and shouldBypassProxy helper. An attacker can smuggle CRLF and other control characters into...

7.5CVSS5.4AI score0.00301EPSS
Exploits1References2
Rockylinux
Rockylinux
added 2026/04/14 12:3 a.m.8 views

nodejs:20 security update

An update is available for nodejs, module.nodejs-packaging, nodejs-packaging, module.nodejs, nodejs-nodemon, module.nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.7CVSS6.9AI score0.26356EPSS
Exploits2
Snyk
Snyk
added 2026/04/02 6:20 p.m.5 views

Denial of Service (DoS)

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

8.7CVSS6AI score0.0043EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/02 6:0 a.m.29 views

CVE-2026-1540 Spam Protect for Contact Form 7 < 1.2.10 - Editor+ Remote Code Execution

The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access to achieve Remote Code Execution by using a crafted header...

0.00639EPSS
Exploits0References1
CVE
CVE
added 2026/03/12 4:45 p.m.33 views

CVE-2026-28356

The CVE affects the Python library multipart (fast multipart/form-data parser). Before versions 1.2.2, 1.3.1, and 1.4.0-dev, parse_options_header() uses a regex with an ambiguous alternation that can cause exponential backtracking (ReDoS) when processing malicious HTTP headers or multipart/form-d...

7.5CVSS5.8AI score0.00606EPSS
Exploits0References8
OSV
OSV
added 2026/03/06 7:16 p.m.5 views

CVE-2025-69649

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into displayrelocations, resulting in a segmentation fault SIGSEGV and...

7.5CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/03/06 7:16 p.m.3 views

DEBIAN-CVE-2025-69649

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into displayrelocations, resulting in a segmentation fault SIGSEGV and...

7.5CVSS4.7AI score0.00256EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.6 views

Fortinet FortiOS 环境问题漏洞

Fortinet FortiOS is a security operating system developed by Fortinet Corporation, specifically for use on the FortiGate network security platform. This system provides users with various security features, including firewalls, antivirus protection, IPSec/SSL VPN, web content filtering, and...

5.8CVSS6.1AI score0.00351EPSS
Exploits0References2
Saint
Saint
added 2026/01/23 12:0 a.m.119 views

Oracle HTTP Server and Weblogic Proxy Plug-in vulnerability

Added: 01/23/2026 Background Oracle HTTP Server is the web server component for Oracle Fusion Middleware. Problem A vulnerability in Oracle HTTP Server and Weblogic Proxy Plug-in could allow a remote attacker to execute arbitrary commands by requesting a specially crafted path which allows...

6.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.6 views

MiracleLinux 3 : dovecot-1.0.7-7.1.0.1.AXS3 (AXSA:2011-295:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2011-295:01 advisory. Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in eith...

5CVSS5.8AI score0.0325EPSS
Exploits0References2
OSV
OSV
added 2026/01/12 10:30 a.m.5 views

SUSE-SU-2026:20028-1 Security update for python-tornado6

This update for python-tornado6 fixes the following issues: - CVE-2025-67724: unescaped reason argument used in HTTP headers and in HTML default error pages can be used by attackers to launch header injection or XSS attacks bsc1254903. - CVE-2025-67725: quadratic complexity of string concatenatio...

7.5CVSS5.7AI score0.00396EPSS
Exploits0References7
Rows per page
Query Builder