
22184 matches found

OSV
added 2026/01/20 10:15 p.m. | 2 views

UBUNTU-CVE-2025-15282

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...

CVSS 6 | AI score 5.8 | EPSS 0.0048
Exploits 0 | References 8

Cvelist
added 2026/01/20 9:35 p.m. | 18 views

CVE-2025-15282 Header injection via newlines in data URL mediatype

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...

CVSS 6 | EPSS 0.0048
Exploits 0 | References 9

Debian CVE
added 2026/01/20 9:35 p.m. | 3 views

CVE-2025-15282

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...

CVSS 6 | AI score 5.2 | EPSS 0.0048
Exploits 0

ATTACKERKB
added 2026/01/20 9:35 p.m. | 3 views

CVE-2025-15282

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...

CVSS 6 | AI score 5.3 | EPSS 0.0048
Exploits 0 | References 10 | Affected Software 1

Vulnrichment
added 2026/01/20 9:35 p.m. | 3 views

CVE-2025-15282 Header injection via newlines in data URL mediatype

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...

CVSS 6 | AI score 5.4 | EPSS 0.0048
Exploits 0 | References 9

RedhatCVE
added 2026/01/20 8:22 p.m. | 6 views

CVE-2026-1174

A vulnerability was determined in birkir prime up to 0.4.0.beta.0. This affects an unknown function of the file /graphql of the component GraphQL Alias Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

CVSS 7.5 | AI score 5.2 | EPSS 0.00684
Exploits 1 | References 1

RedhatCVE
added 2026/01/20 8:22 p.m. | 6 views

CVE-2026-1173

A vulnerability was found in birkir prime up to 0.4.0.beta.0. The impacted element is an unknown function of the file /graphql of the component GraphQL Array Based Query Batch Handler. The manipulation results in denial of service. The attack can be executed remotely. The exploit has been made...

CVSS 9.8 | AI score 5.2 | EPSS 0.00678
Exploits 1 | References 1

RedhatCVE
added 2026/01/20 7:20 p.m. | 4 views

CVE-2026-1171

A flaw has been found in birkir prime up to 0.4.0.beta.0. Impacted is an unknown function of the file /graphql of the component GraphQL Field Handler. Executing a manipulation can lead to denial of service. The attack may be launched remotely. The exploit has been published and may be used. The...

CVSS 7.5 | AI score 5.1 | EPSS 0.00494
Exploits 1 | References 1

RedhatCVE
added 2026/01/20 7:20 p.m. | 5 views

CVE-2026-1172

A vulnerability has been found in birkir prime up to 0.4.0.beta.0. The affected element is an unknown function of the file /graphql of the component GraphQL Directive Handler. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit has been disclose...

CVSS 7.5 | AI score 5 | EPSS 0.00494
Exploits 1 | References 1

RedhatCVE
added 2026/01/20 11:24 a.m. | 6 views

CVE-2026-1150

A security flaw has been discovered in Totolink LR350 9.3.5u.6369B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack can be launched remotely...

CVSS 8.8 | AI score 6.4 | EPSS 0.0235
Exploits 1 | References 1

RedhatCVE
added 2026/01/20 10:21 a.m. | 9 views

CVE-2026-1149

A vulnerability was identified in Totolink LR350 9.3.5u.6369B20220309. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be initiated remotely. The...

CVSS 8.8 | AI score 6.4 | EPSS 0.02714
Exploits 1 | References 1

NVD
added 2026/01/20 1:15 a.m. | 7 views

CVE-2026-1203

A weakness has been identified in CRMEB up to 5.6.3. The impacted element is the function remoteRegister of the file crmeb/app/services/user/LoginServices.php of the component JSON Token Handler. Executing a manipulation of the argument uid can lead to improper authentication. The attack may be...

CVSS 8.1 | EPSS 0.00703
Exploits 1 | References 4

OSV
added 2026/01/20 1:15 a.m. | 5 views

CVE-2026-1195

A weakness has been identified in MineAdmin 1.x/2.x. This impacts the function refresh of the file /system/refresh of the component JWT Token Handler. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the attack remotely. The attack is considered ...

CVSS 7.5 | AI score 5.2
Exploits 0 | References 4

Vulnrichment
added 2026/01/20 1:2 a.m. | 5 views

CVE-2026-1203 CRMEB JSON Token LoginServices.php remoteRegister improper authentication

A weakness has been identified in CRMEB up to 5.6.3. The impacted element is the function remoteRegister of the file crmeb/app/services/user/LoginServices.php of the component JSON Token Handler. Executing a manipulation of the argument uid can lead to improper authentication. The attack may be...

CVSS 6.3 | AI score 4.8 | EPSS 0.00703
Exploits 1 | References 4

SUSE CVE
added 2026/01/20 12:26 a.m. | 5 views

SUSE CVE-2026-1144

A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is...

CVSS 8.8 | AI score 5.2 | EPSS 0.00349
Exploits 1 | References 3

ATTACKERKB
added 2026/01/20 12:0 a.m. | 4 views

CVE-2025-66902

An input validation issue in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocketserver/websocketserver.py, WebSocketServer.messagereceived components...

CVSS 7.5 | AI score 5.5 | EPSS 0.00363
Exploits 1 | References 2

CVE
added 2026/01/20 12:0 a.m. | 12 views

CVE-2025-66803

CVE-2025-66803 describes a race condition in the turbo-frame element handler of Hotwired Turbo (pre-8.0.x). The issue can cause logout operations to fail when delayed frame responses reapply session cookies, enabling exploitation by delaying HTTP responses (network delays) or naturally on shared ...

CVSS 4.8 | AI score 5.6 | EPSS 0.00242
Exploits 1 | References 3 | Affected Software 1

ATTACKERKB
added 2026/01/20 12:0 a.m. | 4 views

CVE-2025-66803

Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...

CVSS 4.8 | AI score 5.6 | EPSS 0.00242
Exploits 1 | References 4

Tenable Nessus
added 2026/01/20 12:0 a.m. | 7 views

MiracleLinux 8 : thunderbird-128.2.0-1.el8_10.ML.1 (AXSA:2024-8858:20)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8858:20 advisory. thunderbird: 115.15/128.2 mozilla: Type confusion when looking up a property name in a with block CVE-2024-8381 mozilla: Internal event interfaces...

CVSS 9.8 | AI score 5.6 | EPSS 0.04395
Exploits 1 | References 9

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 7 : curl-7.29.0-59.el7 (AXSA:2020-554:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-554:03 advisory. curl: heap buffer overflow in function tftpreceivepacket CVE-2019-5482 CVE-2019-5482 Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65....

CVSS 9.8 | AI score 8.6 | EPSS 0.17939
Exploits 0 | References 2