Lucene search
K

103597 matches found

IBM Security Bulletins
IBM Security Bulletins
added yesterday5 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a HTTP Request Smuggling Vulnerability in Netty (CVE-2026-33870)

Summary Netty is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the Server/Agent/Relay communication system. CVE-2026-33870. Vulnerability Details CVEID:CVE-2026-33870 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to...

7.5CVSS6.6AI score0.0064EPSS
Exploits1Affected Software1
CVE
CVE
added yesterday3 views

CVE-2026-58477

Sustainable Irrigation Platform SIP through version 5.2.16 contains a mass assignment vulnerability that allows unauthenticated attackers to overwrite sensitive configuration settings by supplying arbitrary parameter names in HTTP requests. Attackers can manipulate parameters corresponding to...

8.8CVSS6.1AI score
Exploits2References2Affected Software1
OSV
OSV
added yesterday23 views

ROOT-APP-MAVEN-CVE-2026-42584 CVE-2026-42584 in io.root.io.netty:netty-codec-http - Patched by Root

Root has patched CVE-2026-42584 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available...

7.3CVSS5.8AI score0.0075EPSS
Exploits1
OSV
OSV
added yesterday16 views

ROOT-APP-MAVEN-CVE-2026-42587 CVE-2026-42587 in io.root.io.netty:netty-codec-http - Patched by Root

Root has patched CVE-2026-42587 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.8AI score0.00887EPSS
Exploits1
OSV
OSV
added yesterday31 views

ROOT-APP-MAVEN-CVE-2025-67735 CVE-2025-67735 in io.root.io.netty:netty-codec-http - Patched by Root

Root has patched CVE-2025-67735 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available...

6.5CVSS6.6AI score0.00292EPSS
Exploits1
OSV
OSV
added yesterday19 views

ROOT-APP-MAVEN-CVE-2026-33870 CVE-2026-33870 in io.root.io.netty:netty-codec-http - Patched by Root

Root has patched CVE-2026-33870 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.9AI score0.0064EPSS
Exploits1
OSV
OSV
added yesterday16 views

ROOT-APP-MAVEN-CVE-2026-42580 CVE-2026-42580 in io.root.io.netty:netty-codec-http - Patched by Root

Root has patched CVE-2026-42580 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available...

6.5CVSS5.8AI score0.00364EPSS
Exploits1
OSV
OSV
added yesterday16 views

ROOT-APP-MAVEN-CVE-2026-42581 CVE-2026-42581 in io.root.io.netty:netty-codec-http - Patched by Root

Root has patched CVE-2026-42581 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available...

5.8CVSS5.8AI score0.00607EPSS
Exploits1
OSV
OSV
added yesterday16 views

ROOT-APP-MAVEN-CVE-2026-41417 CVE-2026-41417 in io.root.io.netty:netty-codec-http - Patched by Root

Root has patched CVE-2026-41417 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available...

5.3CVSS5.8AI score0.00307EPSS
Exploits1
OSV
OSV
added yesterday20 views

ROOT-APP-MAVEN-CVE-2026-42585 CVE-2026-42585 in io.root.io.netty:netty-codec-http - Patched by Root

Root has patched CVE-2026-42585 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available...

6.5CVSS5.8AI score0.00248EPSS
Exploits1
NVD
NVD
added yesterday6 views

CVE-2026-58319

Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, potentially affecting cluster integrity and availability and leading to...

9.1CVSS0.00255EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday6 views

CVE-2026-6790

In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority host and port matches what provided in the Host header if present. This was not enforced in earlier HTTP RFC for example, in RFC 2616, but it is in the latest RFC 9110 and 9112. This...

5.3CVSS0.00196EPSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43646

In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority host and port matches what provided in the Host header if present. This was not enforced in earlier HTTP RFC for example, in RFC 2616, but it is in the latest RFC 9110 and 9112. This...

5.3CVSS6.1AI score0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday6 views

CVE-2026-59246 Zero-length HTTP/2 CONTINUATION frames bypass Mint's header-block byte-size cap and exhaust client memory

Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP/2 server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP2.handlecontinuation/3 function in lib/mint/http2.ex accumulates the header-block fragment carried by each HTTP/2...

6.3CVSS0.00305EPSS
Exploits0References4
EUVD
EUVD
added yesterday5 views

EUVD-2026-43643

Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP/2 server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP2.handlecontinuation/3 function in lib/mint/http2.ex accumulates the header-block fragment carried by each HTTP/2...

6.3CVSS6.2AI score0.00305EPSS
Exploits0References4
CVE
CVE
added yesterday7 views

CVE-2026-58229

The CVE-2026-58229 issue affects the Elixir Mint HTTP client. Mint.HTTP1.decode_headers/5 and Mint.HTTP1.decode_trailer_headers/4 accumulate all parsed response headers and trailer fields into a request.headers_buffer without a cap, and decoding uses unlimited per-line/packet limits. A malicious ...

8.2CVSS6.2AI score0.00305EPSS
Exploits0References4
Cvelist
Cvelist
added yesterday4 views

CVE-2026-12606

Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling...

6.3CVSS0.00267EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday6 views

CVE-2026-15075

In Eclipse Vert.x versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, DefaultRedirectHandler vertx-core propagates all request headers as-is across cross-origin HTTP 30x redirects. Only Content-Length is stripped; no origin comparison scheme, host, port is performed before copyin...

8.2CVSS6.2AI score0.00154EPSS
Exploits0References2Affected Software1
Nuclei
Nuclei
added yesterday27 views

McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting

McAfee Network Data Loss Prevention User-Agent 9.3.x contains a cross-site scripting vulnerability which allows remote attackers to get session/cookie information via modification of the HTTP request. id: CVE-2017-4011 info: name: McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting...

6.1CVSS6.4AI score0.03271EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday63 views

osTicket < v1.16.6 - Cross-Site Scripting

Cross-site Scripting XSS - Generic in GitHub repository osticket/osticket prior to v1.16.6. id: CVE-2023-1318 info: name: osTicket v1.16.6 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross-site Scripting XSS - Generic in GitHub repository osticket/osticket prior to...

5.4CVSS6.2AI score0.01015EPSS
Exploits1References2
Rows per page
Query Builder