Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

102452 matches found

SUSE CVE
SUSE CVEadded 2026/03/31 11:28 p.m.2 views

SUSE CVE-2026-24030

An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly...

5.3CVSS5.9AI score0.00007EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/03/31 10:58 p.m.2 views

CVE-2026-32696

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...

3.1CVSS5.8AI score0.00033EPSS
Exploits1References1
OSV
OSVadded 2026/03/31 10:16 p.m.2 views

DEBIAN-CVE-2026-34441

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

6.5CVSS5.7AI score0.00065EPSS
Exploits1References1
SUSE Linux
SUSE Linuxadded 2026/03/31 10:2 p.m.1 views

Security update for python-tornado

This update for python-tornado fixes the following issues: CVE-2025-67724: missing validation of the supplied reason phrase bsc1254903. CVE-2025-67725: Denial of Service DoS via maliciously crafted HTTP request caused by the HTTPHeaders.add method bsc1254905. CVE-2026-31958: parsing large multipa...

8.7CVSS6.4AI score0.00212EPSS
Exploits0References14
OSV
OSVadded 2026/03/31 9:21 p.m.3 views

CVE-2026-34441 cpp-httplib: HTTP Request Smuggling via Unconsumed GET Request Body

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

4.8CVSS5.7AI score0.00065EPSS
Exploits1References4
CVE
CVEadded 2026/03/31 9:21 p.m.4 views

CVE-2026-34441

cpp-httplib (C++11 single-file header-only HTTP/HTTPS library) is vulnerable to HTTP Request Smuggling prior to version 0.40.0. The server’s static file handler serves GET responses without consuming the request body, so on HTTP/1.1 keep-alive connections unread body bytes remain on the TCP strea...

6.5CVSS5.7AI score0.00065EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/31 9:21 p.m.3 views

CVE-2026-34441

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

4.8CVSS5.7AI score0.00065EPSS
Exploits1References3Affected Software1
EUVD
EUVDadded 2026/03/31 9:21 p.m.4 views

EUVD-2026-17672

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

4.8CVSS5.7AI score0.00065EPSS
Exploits1References2
Debian CVE
Debian CVEadded 2026/03/31 9:21 p.m.3 views

CVE-2026-34441

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

6.5CVSS5.7AI score0.00065EPSS
Exploits1
ATTACKERKB
ATTACKERKBadded 2026/03/31 8:52 p.m.0 views

CVE-2026-34733

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition...

6.5CVSS5.9AI score0.00022EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/31 8:31 p.m.0 views

CVE-2026-34381

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently igno...

7.5CVSS5.7AI score0.00054EPSS
Exploits1References3Affected Software1
EUVD
EUVDadded 2026/03/31 8:31 p.m.3 views

EUVD-2026-17622

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently igno...

7.5CVSS5.7AI score0.00054EPSS
Exploits1References2
NVD
NVDadded 2026/03/31 8:16 p.m.0 views

CVE-2026-34784

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.71 and 9.7.1-alpha.1, file downloads via HTTP Range requests bypass the afterFindParse.File trigger and its validators on storage adapters that support streaming e.g. the...

8.2CVSS0.00016EPSS
Exploits0References5
CVE
CVEadded 2026/03/31 7:39 p.m.6 views

CVE-2026-34784

Parse Server has a vulnerability where file downloads via HTTP Range requests bypass the afterFind(Parse.File) trigger and its validators on streaming storage adapters (e.g., GridFS). This can let an attacker access files that should be protected by authorization logic. The issue is fixed in vers...

8.2CVSS5.8AI score0.00016EPSS
Exploits0References5Affected Software1
OSV
OSVadded 2026/03/31 4:56 p.m.2 views

CVE-2026-34359 HAPI FHIR: Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect in HAPI FHIR Core

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, ManagedWebAccessUtils.getServer uses String.startsWith to match request URLs against configured server URLs for authentication credential dispatch. Because configured...

7.4CVSS5.8AI score0.00035EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2026/03/31 4:56 p.m.1 views

CVE-2026-34359 HAPI FHIR: Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect in HAPI FHIR Core

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, ManagedWebAccessUtils.getServer uses String.startsWith to match request URLs against configured server URLs for authentication credential dispatch. Because configured...

7.4CVSS5.8AI score0.00035EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/03/31 1:43 p.m.3 views

CVE-2026-34162 FastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key Theft

FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint /api/core/app/httpTools/runTool is exposed without any authentication. This endpoint acts as a full HTTP proxy — it accepts a user-supplied baseUrl, toolPath, HTTP method, custom headers,...

10CVSS5.8AI score0.00237EPSS
Exploits1References4
OSV
OSVadded 2026/03/31 1:43 p.m.2 views

CVE-2026-34162 FastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key Theft

FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint /api/core/app/httpTools/runTool is exposed without any authentication. This endpoint acts as a full HTTP proxy — it accepts a user-supplied baseUrl, toolPath, HTTP method, custom headers,...

10CVSS5.8AI score0.00237EPSS
Exploits1References6
CVE
CVEadded 2026/03/31 1:43 p.m.6 views

CVE-2026-34162

Product: FastGPTVulnerability: Unauthenticated SSRF via the /api/core/app/httpTools/runTool endpointImpact: Potential internal API key theft; full server-side HTTP proxy behavior exposes response dataAffected versions: before 4.14.9.5Fix/mitigation: Upgrade to 4.14.9.5 (patched)CVSSv3.1: 10.0 (CR...

10CVSS5.8AI score0.00237EPSS
Exploits1References4Affected Software1
EUVD
EUVDadded 2026/03/31 12:31 p.m.3 views

EUVD-2026-17403

When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...

6.5CVSS5.9AI score0.00002EPSS
Exploits0References2
Rows per page
Query Builder