Lucene search
K

442 matches found

NVD
NVD
added 2026/04/06 10:16 p.m.4 views

CVE-2026-35475

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...

6.1CVSS0.00186EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/03 10:57 a.m.3 views

CVE-2026-29143

SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers...

9.1CVSS5.9AI score0.0025EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/03 2:37 a.m.3 views

HTTP Response Splitting

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to HTTP Response Splitting via the protocol.handle, protocol.registerSchemesAsPrivileged, or webRequest.onHeadersReceived...

6.5CVSS6AI score0.00211EPSS
Exploits0References3
NVD
NVD
added 2026/04/02 9:16 a.m.3 views

CVE-2026-29143

SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers...

9.1CVSS0.0025EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/02 8:49 a.m.2 views

CVE-2026-29143

SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers...

7.8CVSS5.9AI score0.0025EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.3 views

PT-2026-29706

SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers...

7.8CVSS5.9AI score0.0025EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/01 11:1 p.m.9 views

CVE-2026-34442

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

6.1CVSS5.7AI score0.00219EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/01 9:20 p.m.8 views

AIOHTTP has CRLF injection through multipart part content type header construction

Summary An attacker who controls the contenttype parameter in aiohttp could use this to inject extra headers or similar exploits. Impact If an application allows untrusted data to be used for the multipart contenttype parameter when constructing a request, an attacker may be able to manipulate th...

6.9CVSS5.8AI score0.00315EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/03/31 10:16 p.m.7 views

CVE-2026-34442

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

6.1CVSS0.00219EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/31 9:28 p.m.4 views

CVE-2026-34442 FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect in FreeScout

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

5.4CVSS5.7AI score0.00219EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/31 9:28 p.m.11 views

EUVD-2026-17673

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

5.4CVSS5.7AI score0.00219EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.5 views

PT-2026-29374

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

6.1CVSS5.7AI score0.00219EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/29 11:13 a.m.3 views

CVE-2026-2442

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 2.0.7. This is due to the contact form handler performing placeholder substitution on...

5.3CVSS6AI score0.00297EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 7:29 p.m.4 views

CVE-2026-31951

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP Model Context Protocol servers can include arbitrary HTTP headers that undergo credential placeholder substitution. An attacker can create a malicious MCP server with headers containin...

6.8CVSS6AI score0.00244EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/03/27 6:31 p.m.4 views

HTTP Request Smuggling

Overview io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to HTTP Request Smuggling due to incorrect handling of white-spaces in HTTP request headers. An attacker can gain unauthorized access to restricted information or...

9.1CVSS5.4AI score0.00677EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.7 views

CVE-2026-29934

A reflected cross-site scripting XSS vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referer value in the request header...

6.1CVSS5.8AI score0.00203EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.4 views

CVE-2026-22199

Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory traversal sequences in the params parameter. Attackers can...

8.7CVSS5.8AI score0.00976EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.8 views

Tandoor Recipes 安全漏洞

Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes 2.5.3 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the default setting ALLOWEDHOSTS = , which could all...

8.1CVSS5.8AI score0.00304EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-28753

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allo...

6.3CVSS5.7AI score0.00264EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.7 views

Vikunja 安全漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja from 0.8 to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from a rate-limiting mechanism that relied on RealIP values. This allowed unverified users to bypass rate limits by...

5.3CVSS6.4AI score0.00328EPSS
Exploits1References2
Rows per page
Query Builder