Lucene search
+L

3758 matches found

Cvelist
Cvelist
added yesterday9 views

CVE-2026-54465 websocket-driver: Memory exhaustion in HTTP header parser

websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, when websocket-driver is used to implement a WebSocket server on top of a TCP server using WebSocket::Driver.server or to complement a WebSocket client, a peer can make a single connection consume an unbounded...

6.3CVSS
Exploits0References2
CVE
CVE
added yesterday12 views

CVE-2026-9592

SEPPmail Secure Email Gateway & SEPPmail Cloud prior to 15.0.4.2 are vulnerable. The issue arises because the session token is disclosed in the URL and an HTTP header within the GINA web portal, allowing an attacker to replay and hijack a user session. Affected component: GINA web portal session ...

9.3CVSS5.3AI score
Exploits0References1
Nuclei
Nuclei
added yesterday113 views

Monstra CMS 3.0.4 - HTTP Header Injection

Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to...

6.1CVSS6.9AI score0.0302EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday15 views

esm.sh <= v136 - Arbitrary File Write via Path Traversal

esm.sh = 136 contains a path traversal caused by improper canonicalization of the X-Zone-Id HTTP header, letting attackers write files outside the intended storage directory, exploit requires crafted header input. id: CVE-2025-59342 info: name: esm.sh = v136 - Arbitrary File Write via Path...

6.9CVSS8.2AI score0.02829EPSS
Exploits2References3
Nuclei
Nuclei
added 2 days ago109 views

Eclipse Jetty <9.2.9.v20150224 - Sensitive Information Leakage

Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header. id: CVE-2015-2080 info: name: Eclipse Jetty 9.2.9.v20150224 - Sensitive Information Leakage author: pikpikcu severity: high description: Eclip...

7.5CVSS7AI score0.74881EPSS
Exploits16References5
OSV
OSV
added 3 days ago4 views

GHSA-74J5-XF3V-CRQ8 dd-trace-go: Improper parsing of W3C baggage headers may lead to DoS

Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DDTRACEBAGGAGEMAXITEMS default 64 and DDTRACEBAGGAGEMAXBYTES default 8192 limits were applied only to baggage...

7.5CVSS6.1AI score0.00106EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 3 days ago9 views

websocket-driver: Memory exhaustion in HTTP header parser

Impact If this library is used to implement a WebSocket server on top of a TCP server rather than an HTTP server or framework using the WebSocket::Driver.server method, or, if it is used to complement a WebSocket client, then a peer can make a single connection consume an unbounded amount of memo...

6.3CVSS6AI score
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 3 days ago11 views

PT-2026-60360

Name of the Vulnerable Software and Affected Versions dd-trace-py versions prior to 4.8.2 Description Datadog tracing libraries implementing W3C baggage propagation fail to enforce limits on the number of items or total bytes when parsing incoming baggage HTTP headers during the extraction proces...

7.5CVSS5.4AI score0.00106EPSS
Exploits0References7
CVE
CVE
added 4 days ago15 views

CVE-2025-62826

Summary: CVE-2025-62826 describes an HTTP Response Splitting (CWE-113) in Fortinet FortiOS and FortiProxy products. Affected versions: FortiOS 7.6.0–7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions; FortiProxy 7.6.0–7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions. Root ca...

4.3CVSS6.2AI score0.00257EPSS
Exploits0References1Affected Software2
Tenable Nessus
Tenable Nessus
added 4 days ago21 views

Fortinet Fortigate Header injection in captive portal authentication form (FG-IR-26-153)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-153 advisory. - An Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting' vulnerability CWE-113 vulnerability ...

4.3CVSS6.2AI score0.00257EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.12 views

EulerOS 2.0 SP12 : busybox (EulerOS-SA-2026-2521)

According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request- target path/query, allowing the request line ...

8.8CVSS7.3AI score0.00375EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.14 views

EulerOS 2.0 SP12 : busybox (EulerOS-SA-2026-2581)

According to the versions of the busybox packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request- target path/query, allowing the request line...

8.8CVSS7.3AI score0.00375EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/08 4:19 p.m.39 views

CVE-2025-3110

OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy...

6.9CVSS0.00259EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/08 4:19 p.m.6 views

EUVD-2025-210441

OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy...

6.9CVSS6AI score0.00259EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.13 views

PT-2026-56197

Name of the Vulnerable Software and Affected Versions Django versions prior to 6.0.7 Django versions prior to 5.2.16 Description An issue exists where DomainNameValidator fails to prohibit newlines in domain names. While CharField strips newlines when used via a form field, other implementations...

9.8CVSS6.1AI score0.25782EPSS
Exploits10References113
NVD
NVD
added 2026/07/06 11:16 a.m.11 views

CVE-2026-58226

Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets...

8.7CVSS0.00438EPSS
Exploits0References4
NVD
NVD
added 2026/07/06 9:16 a.m.13 views

CVE-2026-48206

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel JIRA component. The camel-jira producers read their operation parameters - the issue key, project key, transition id, summary, type, assignee, components, watchers, link type, work-log minute...

5.3CVSS0.00349EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 9:3 a.m.5 views

CVE-2026-58226 Unauthenticated denial-of-service via unbounded HPACK integer decoding in hpax

Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets...

8.7CVSS6.1AI score0.00438EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/06 8:11 a.m.5 views

EUVD-2026-41845

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SOSL search,...

6AI score0.00341EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 8:10 a.m.8 views

EUVD-2026-41844

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...

6.1AI score0.00385EPSS
Exploits0References1
Rows per page
Query Builder