Lucene search
K

56 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Amazon Linux 2 : rclone, --advisory ALAS2-2026-3494 (ALAS-2026-3494)

The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3494 advisory. Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until...

9.8CVSS5.9AI score0.00701EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

Amazon Linux 2023 : rclone (ALAS2023-2026-1907)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1907 advisory. Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD reques...

9.8CVSS5.9AI score0.00701EPSS
Exploits0References4
Amazon
Amazon
added 2026/06/29 12:0 a.m.6 views

Critical: rclone

Issue Overview: Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from th...

9.8CVSS5.8AI score0.00701EPSS
Exploits0
NVD
NVD
added 2026/06/11 8:16 p.m.12 views

CVE-2026-53781

Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests...

5.3CVSS0.00329EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/11 7:11 p.m.31 views

CVE-2026-53781 Summarize < 0.17.0 Disk Exhaustion via Uncapped Media Download

Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests...

5.3CVSS0.00329EPSS
Exploits0References4
CVE
CVE
added 2026/06/11 7:11 p.m.20 views

CVE-2026-53781

The CVE affects the Summarize utility prior to version 0.17.0. Vulnerable path is the temp-file-based media download, where an unbounded response can be streamed via the download/response path, causing disk and resource exhaustion. Root cause: responses bypass the enforced size limit due to missi...

5.3CVSS5.5AI score0.00329EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48731

Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests...

5.3CVSS5.5AI score0.00329EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.9 views

CVE-2026-9813

FlowIntel up to version 3.3.0 contains a server-side request forgery SSRF vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specifi...

9.9CVSS5.5AI score0.00232EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 7:36 p.m.11 views

GHSA-GQ96-5PFX-F4VC Shopware: SSRF in Media External-Link Endpoint Bypasses IP Validation

Summary The /api/action/media/external-link endpoint allows authenticated admin users to make server-side HTTP HEAD requests to arbitrary internal IP addresses. While the parallel uploadFromURL flow validates target IPs against private/reserved ranges via FileUrlValidator, the linkURL flow only...

4.1CVSS5.9AI score0.00051EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

flowintel 安全漏洞

Flowintel is an open-source security analyst case and task management platform developed by flowintel. Versions of FlowIntel 3.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the external reference URL detection function in the app/case/task.py file, which has a...

6.2CVSS5.8AI score0.00232EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-44366

Name of the Vulnerable Software and Affected Versions FlowIntel versions prior to 3.3.1 Description An issue exists in the external reference URL probe functionality within app/case/task.py. An attacker can submit an external reference URL to force the application server to issue an HTTP HEAD...

9.9CVSS5.5AI score0.00232EPSS
Exploits0References3
OSV
OSV
added 2026/05/27 9:12 p.m.9 views

GHSA-6439-2F28-8P8Q Symfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]

Description Symfony's IsGranted'...', IsSignatureValid, and IsCsrfTokenValid... attributes allow you to define a methods: ... argument to only enforce these checks for the listed HTTP methods and skip them otherwise. E.g. an attribute defining methods: 'GET' would be ignored for a HEAD request. O...

8.6CVSS5.8AI score0.00052EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-44144

Description Symfony's IsGranted'...', IsSignatureValid, and IsCsrfTokenValid... attributes allow you to define a methods: ... argument to only enforce these checks for the listed HTTP methods and skip them otherwise. E.g. an attribute defining methods: 'GET' would be ignored for a HEAD request. O...

8.6CVSS5.8AI score0.00052EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Tomcat9

There is a vulnerability related to improper input validation in Apache Tomcat. Tomcat did not restrict HTTP/0.9 requests to only the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, users could bypass this constraint on GET requests by...

6.5CVSS7.5AI score0.00494EPSS
Exploits0References2
Rosalinux
Rosalinux
added 2026/05/19 2:16 p.m.11 views

Advisory ROSA-SA-2026-3279

software: tomcat 9.0.37 WASP: ROSA-CHROME unaffected versions = tomcat-9.0.37-16 affected versions tomcat-9.0.37-16 CVE-ID: CVE-2026-24733 BDU-ID: None CVE-Crit: LOW CVE-DESC.: An invalid input validation vulnerability in Apache Tomcat allows a remote attacker to bypass security restrictions by...

6.5CVSS6.9AI score0.00494EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/07 12:21 a.m.14 views

Netty has HttpClientCodec response desynchronization

Summary If HttpClientCodec is configured, there are use cases when a response body from one request, can be parsed as another's. Details HttpClientCodec pairs each inbound response with an outbound request by queue.poll once per response, including for 1xx. If the client pipelines GET then HEAD a...

9.1CVSS5.8AI score0.0075EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/05/05 9:16 p.m.8 views

CVE-2026-35527

Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request against project restrictions such as restricted.images.servers. The imgPostURLInfo function...

5.3CVSS0.00271EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.8 views

nest 安全漏洞

Nest is a Node.js framework developed by NestJS, designed for building efficient, scalable, and enterprise-level server-side applications using TypeScript/JavaScript. Versions of Nest 11.1.15 and earlier contain security vulnerabilities. These vulnerabilities stem from Fastify automatically...

8.7CVSS5.8AI score0.00346EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/17 6:38 p.m.6 views

Always-Incorrect Control Flow Implementation

Overview @nestjs/core is a Nest - modern, fast, powerful node.js web framework @core Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation when handling a @nestjs/platform-fastify HEAD request. An attacker can bypass middleware logic by sending malicious...

8.7CVSS5.8AI score0.00346EPSS
Exploits0References2
OSV
OSV
added 2026/03/17 6:38 p.m.5 views

GHSA-WF42-42FG-FG84 Nest Fastify HEAD Request Middleware Bypass

Impact In a NestJS application using @nestjs/platform-fastify, GET middleware can be bypassed because Fastify automatically redirects HEAD requests to the corresponding GET handlers if they exist. As a result: - Middleware will be completely skipped. - The HTTP response won't include a body since...

8.7CVSS5.8AI score0.00346EPSS
Exploits0References5
Rows per page
Query Builder