
1076 matches found

OSV
added 2022/02/20 6:15 p.m., 13 views

CVE-2021-45081

An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS...

5.9 CVSS, 7.1 AI score
Exploits 0, References 3

NVD
added 2022/02/20 6:15 p.m., 7 views

CVE-2021-45081

An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS...

5.9 CVSS, 0.00217 EPSS
Exploits 0, References 3

Prion
added 2022/02/20 6:15 p.m., 11 views

Design/Logic Flaw

An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS...

4.3 CVSS, 5.7 AI score, 0.00217 EPSS
Exploits 0, References 3, Affected Software 1

Cvelist
added 2022/02/20 5:52 p.m., 11 views

CVE-2021-45081

An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS...

6 AI score, 0.00217 EPSS
Exploits 0, References 3

Huntr
added 2022/02/14 10:22 p.m., 28 views

in medialize/uri.js

Description Bypass for https://huntr.dev/bounties/1625558772840-medialize/URI.js/ urijs fixed the issue for CVE-2021-3647, however an attacker can still exploit the issue due to case-sensitive checks in the earlier patch. Attacker can use case-insensitive protocol schemes like HTTP, htTP, HTtp et...

6.4 CVSS, 0.00175 EPSS
Exploits 2

RedHat Linux
added 2022/02/14 1:6 p.m., 3 views

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

6.5 CVSS, 6.8 AI score, 0.00381 EPSS
Exploits 0, References 5

RedhatCVE
added 2022/02/10 7:47 p.m., 46 views

CVE-2022-0536

A flaw was found in the follow-redirects package. This flaw allows the exposure of sensitive information to an unauthorized actor due to the usage of insecure HTTP protocol. This issue happens with an Authorization header leak from the same hostname, https-http, and requires a Man-in-the-Middle...

5.9 CVSS, 1.3 AI score, 0.00069 EPSS
Exploits 0, References 3

CISA KEV Catalog
added 2022/02/10 12:0 a.m., 41 views

Microsoft HTTP.sys Remote Code Execution Vulnerability

Microsoft HTTP protocol stack HTTP.sys contains a vulnerability that allows for remote code execution...

10 CVSS, 7 AI score, 0.9431 EPSS
In wild, Exploits 16

NVD
added 2022/02/04 2:15 a.m., 12 views

CVE-2021-45735

TOTOLINK X5000R v9.1.0u.6118B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software...

7.5 CVSS, 0.00248 EPSS
Exploits 1, References 1

Prion
added 2022/02/04 2:15 a.m., 14 views

Design/Logic Flaw

TOTOLINK X5000R v9.1.0u.6118B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software...

5 CVSS, 7.7 AI score, 0.00248 EPSS
Exploits 1, References 1, Affected Software 1

Cvelist
added 2022/02/04 1:33 a.m., 15 views

CVE-2021-45735

TOTOLINK X5000R v9.1.0u.6118B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software...

7.9 AI score, 0.00248 EPSS
Exploits 1, References 1

RedHat Linux
added 2022/02/03 12:20 p.m., 2 views

varnish: HTTP/1 request smuggling vulnerability

A flaw was found in Varnish. This flaw allows an attacker to carry out a request smuggling attack on HTTP/1 connections on Varnish cache servers. This smuggled request goes through the usual Varnish Configuration Language VCL processing since the Varnish server treats it as an additional request...

9.1 CVSS, 7 AI score, 0.00344 EPSS
Exploits 0, References 5

OSV
added 2022/02/01 1:15 p.m., 2 views

UBUNTU-CVE-2021-43848

h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...

7.4 CVSS, 6.3 AI score, 0.133 EPSS
Exploits 1, References 4

NVD
added 2022/01/25 8:15 p.m., 14 views

CVE-2022-23018

On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and 13.1.x beginning in 13.1.3.4, when a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles, undisclosed requests can cause the Traffic Management Microkernel TMM...

7.5 CVSS, 0.00611 EPSS
Exploits 0, References 1

Prion
added 2022/01/25 8:15 p.m., 18 views

Design/Logic Flaw

On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and 13.1.x beginning in 13.1.3.4, when a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles, undisclosed requests can cause the Traffic Management Microkernel TMM...

7.1 CVSS, 7.5 AI score, 0.00611 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2022/01/25 7:11 p.m., 114 views

CVE-2022-23018

Concrete details: CVE-2022-23018 affects BIG-IP AFM when a virtual server uses both HTTP protocol security and HTTP Proxy Connect profiles, causing TMM termination and DoS. Affected AFM/versions per advisory: 16.1.0–16.1.1 vulnerable; fixed in 16.1.2. 15.1.x vulnerable in 15.1.2.1–15.1.4, fixed i...

7.5 CVSS, 7.5 AI score, 0.00611 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2022/01/25 7:11 p.m., 20 views

CVE-2022-23018

On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and 13.1.x beginning in 13.1.3.4, when a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles, undisclosed requests can cause the Traffic Management Microkernel TMM...

7.7 AI score, 0.00611 EPSS
Exploits 0, References 1

BDU FSTEC
added 2022/01/20 12:0 a.m., 4 views

The vulnerability of the Http2MultiplexHandler class in the Netty network programming framework is related to a lack of interpretation for HTTP requests. This vulnerability allows attackers to compromise data integrity.

The vulnerability of the Http2MultiplexHandler class in the Netty network programming framework is related to improper handling of requests during the conversion from HTTP/2 to HTTP/1.1. Exploiting this vulnerability allows an attacker to compromise data integrity...

5.9 CVSS, 6.4 AI score, 0.0061 EPSS
Exploits 0, References 9, Affected Software 4

GithubExploit
added 2022/01/17 3:42 p.m., 350 views

Exploit for CVE-2022-21907

CVE-2022-21907 - Double Free in http.sys driver...

10 CVSS, 8.9 AI score, 0.93069 EPSS
Exploits 40

GithubExploit
added 2022/01/17 2:28 a.m., 348 views

Exploit for CVE-2022-21907

This is a PoC exploit for CVE-2022-21907, a HTTP Protocol Stack...

10 CVSS, 9.7 AI score, 0.91887 EPSS
Exploits 21