Lucene search
K

4325 matches found

OSV
OSV
added 2026/06/25 1:34 p.m.2 views

SUSE-SU-2026:2633-1 Security update for nodejs24

This update for nodejs24 fixes the following issues Update to 24.17.0: - CVE-2026-2581: undici: Undici: Denial of Service due to uncontrolled resource consumption bsc1268480. - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response...

9.8CVSS6AI score0.02445EPSS
Exploits3References43
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Python 3.11

User-controlled header names and values containing newlines can allow for the injection of HTTP headers...

5.9CVSS6.7AI score0.00463EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Python 3.11

When folding a long comment within an email header that contains only printable characters, the parentheses will not be preserved. This can be exploited to inject headers into email messages where the addresses are controlled by users and not sanitized...

5.7CVSS7AI score0.0055EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Python 3.11

When using http.cookies.Morsel, user-controlled cookie values and parameters may allow the injection of HTTP headers into messages. The patch rejects all control characters within cookie names, values, and parameters...

6CVSS7AI score0.00401EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 12:59 p.m.6 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Operate / IBM Cloud Pak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Concert Operate version 5.1.0 Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency...

7.5CVSS6.9AI score0.00838EPSS
Exploits8Affected Software1
Redos
Redos
added 2026/06/24 12:0 a.m.4 views

ROS-20260624-73-0033

The vulnerability in Netty is related to the failure to handle CRLF sequences in HTTP headers. Exploiting this vulnerability allows a remote attacker to inject arbitrary HTTP headers...

7.5CVSS7AI score0.00667EPSS
Exploits1
Cvelist
Cvelist
added 2026/06/23 10:9 p.m.27 views

CVE-2026-54588 Poweradmin has Host Header Injection in OIDC redirect_uri, SAML ACS/SLO URL, and Logout Redirect Construction.

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled HTTPHOST request header as the authoritative source for building callback URLs in its OIDC, SAML, and logout authentication flows without any validation. An...

9.6CVSS0.00312EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 10:9 p.m.20 views

CVE-2026-54588

Poweradmin (for PowerDNS) is affected by a Host Header Injection vulnerability in auth flows. Versions prior to 4.2.4 and 4.3.3 use the HTTP_HOST header as the authoritative source for building OIDC redirect_uri, SAML ACS/SLO URLs, and logout redirects without validation. An unauthenticated attac...

9.6CVSS6AI score0.00312EPSS
Exploits0References3
NVD
NVD
added 2026/06/23 6:18 p.m.7 views

CVE-2026-52845

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forwardauth copyheaders deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through phpfastcgi, Caddy normalizes HTTP headers int...

8.1CVSS0.00246EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/06/23 5:52 p.m.5 views

CVE-2026-52845

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forwardauth copyheaders deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through phpfastcgi, Caddy normalizes HTTP headers int...

8.1CVSS5.9AI score0.00246EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/23 5:52 p.m.36 views

CVE-2026-52845 Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forwardauth copyheaders deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through phpfastcgi, Caddy normalizes HTTP headers int...

8.1CVSS0.00246EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:52 p.m.3 views

CVE-2026-52845 Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forwardauth copyheaders deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through phpfastcgi, Caddy normalizes HTTP headers int...

8.1CVSS5.9AI score0.00246EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 5:3 p.m.6 views

EUVD-2026-38537

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

5.3CVSS6AI score0.00146EPSS
Exploits1References3
NVD
NVD
added 2026/06/23 4:17 p.m.8 views

CVE-2026-55766

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request method, protocol version, and response reason phrase. If an application placed attacker-controlled dat...

4.8CVSS0.00158EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 3:7 p.m.5 views

CVE-2026-55766

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request method, protocol version, and response reason phrase. If an application placed attacker-controlled dat...

4.8CVSS5.8AI score0.00158EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.10 views

PT-2026-51516

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.12 Description The software fails to validate cookie names within the setCookie, serialize, and serializeSigned functions. When an application uses a user-controlled cookie name, invalid characters such as control...

6.9CVSS5.8AI score0.00247EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/22 8:37 p.m.3 views

CVE-2026-49468 LiteLLM: Authentication Bypass via Host Header Injection

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.84.0, This vulnerability is fixed in 1.84.0...

9.5CVSS5.8AI score0.00559EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/22 8:37 p.m.24 views

CVE-2026-49468 LiteLLM: Authentication Bypass via Host Header Injection

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.84.0, This vulnerability is fixed in 1.84.0...

9.5CVSS0.00559EPSS
Exploits1References2
NVD
NVD
added 2026/06/22 6:16 p.m.14 views

CVE-2026-50269

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing...

7.5CVSS0.00301EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/22 5:15 p.m.14 views

Important: Red Hat Security Advisory: Red Hat build of Cryostat security update

An update is now available for the Red Hat build of Cryostat 4 on RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

9.8CVSS7.6AI score0.01051EPSS
Exploits7References11
Rows per page
Query Builder