Lucene search
K

3931 matches found

NVD
NVD
added 2025/11/26 8:15 p.m.7 views

CVE-2025-7449

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific permissions to cause a denial of service condition through HTTP response processing...

6.5CVSS0.00362EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/26 7:46 p.m.3 views

CVE-2025-7449 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific permissions to cause a denial of service condition through HTTP response processing...

6.5CVSS6.2AI score0.00362EPSS
Exploits0References3
OSV
OSV
added 2025/11/26 7:46 p.m.6 views

CVE-2025-7449 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific permissions to cause a denial of service condition through HTTP response processing...

6.5CVSS6.5AI score0.00362EPSS
Exploits0References6
Hacker One
Hacker One
added 2025/11/26 7:35 a.m.21 views

curl: runs javascript on powershell when it shouldnt

On windows, if I run a curl on powershell for a script that should show alert1 it just executes the script when it shouldn't. I did not use AI to find or report this bug. Affected version on CMD I ran curl --version curl 8.16.0 Windows libcurl/8.16.0 Schannel zlib/1.3.1 WinIDN on powershell it...

6.8AI score
Exploits0
CNNVD
CNNVD
added 2025/11/26 12:0 a.m.4 views

GitLab CE/EE 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE versions 8.3 through before 18.4.5, 18...

6.5CVSS6.2AI score0.00362EPSS
Exploits0References4
OSV
OSV
added 2025/11/20 10:15 p.m.5 views

CVE-2025-36160

IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system...

7.5CVSS6.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.9 views

TencentOS Server 3: ruby:3.1 (TSSA-2024:0106)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0106 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.8CVSS8.1AI score0.02637EPSS
Exploits1References5
Mageia
Mageia
added 2025/11/18 2:47 a.m.19 views

Updated apache packages fix security vulnerabilities

HTTP response splitting. CVE-2024-42516 SSRF with modheaders setting Content-Type header. CVE-2024-43204 modssl error log variable escaping. CVE-2024-47252 modproxyhttp2 denial of service. CVE-2025-49630 modssl access control bypass with session resumption. CVE-2025-23048 modssl TLS upgrade attac...

9.1CVSS6.9AI score0.04409EPSS
Exploits2References10
Tenable Nessus
Tenable Nessus
added 2025/11/12 12:0 a.m.3 views

EulerOS 2.0 SP12 : httpd (EulerOS-SA-2025-2359)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications...

7.5CVSS7.5AI score0.03914EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/11/12 12:0 a.m.6 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2025-2328)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.00679EPSS
Exploits0References2
OSV
OSV
added 2025/11/11 11:36 a.m.5 views

BIT-DJANGO-2025-64458 Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, django.http.HttpResponseRedirect, django.http.HttpResponsePermanentRedirect, and the shortcut django.shortcuts.redirect were subject to a...

7.5CVSS6.8AI score0.0193EPSS
Exploits1References4
Snyk
Snyk
added 2025/11/05 3:46 p.m.8 views

Inefficient Algorithmic Complexity

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the HttpResponseRedirect and HttpResponsePermanentRedirect functions when processing input...

8.7CVSS7AI score0.0193EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2025/11/01 10:54 a.m.5 views

Astra Linux – Vulnerability in Apache2

HTTP response splitting in the core of the Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was identified as CVE-2023-38709, but the patch included in Apache...

7.5CVSS6.6AI score0.00679EPSS
Exploits0References3
Snyk
Snyk
added 2025/10/07 12:31 a.m.6 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the Content-Disposition header. An attacker can manipulate the file extension of downloaded vCard files by supplying crafted input, potentially leading to user confusion or further exploitation. Remediation...

5.4CVSS7AI score0.00217EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2012-4434

Malware in sbrugna...

10CVSS6AI score0.03218EPSS
Exploits0References21
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-26160

Malware in sbrugna...

4.4CVSS5AI score0.00302EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-1602

Malware in sbrugna...

7.5CVSS6.4AI score0.01661EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2006-6357

Malware in sbrugna...

7.5CVSS6.4AI score0.01382EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-17010

Malware in sbrugna...

6.5CVSS6.5AI score0.00694EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-30526

Malware in sbrugna...

9.3CVSS8.6AI score0.04244EPSS
Exploits0References4
Rows per page
Query Builder