Lucene search
K

79 matches found

CloudLinux
CloudLinux
added 2025/08/29 4:13 p.m.9 views

php: Fix of 3 CVEs

CVE-2025-1217: http stream wrapper: fix handling folded headers - CVE-2025-1734: http stream wrapper: fix handling headers with invalid name and no colon - CVE-2025-1861: fix http redirect location truncation...

9.8CVSS7AI score0.00821EPSS
Exploits1
OSV
OSV
added 2025/08/27 7:52 p.m.10 views

CLSA-2025-1756324356 Fix CVE(s): CVE-2025-49630

SECURITY UPDATE: denial of service attack caused by untrusted clients triggering assertion in modproxyhttp2 - debian/patches/CVE-2025-49630.patch: tolerate missing host header in h2 proxy to fix issue with HTTP/0.9 request without Host header - CVE-2025-49630...

7.5CVSS7.1AI score0.01149EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2025-38441

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nfflowpppoeproto syzbot found a potenti...

5.5CVSS6.1AI score0.00156EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/04 12:0 a.m.7 views

nextjs-auth0 安全漏洞

nextjs-auth0 is an Auth0 open source Next.js SDK for logging in using Auth0. A security vulnerability exists in nextjs-auth0 versions 4.0.1 through 4.6.0 and earlier, which stems from a missing Cache-Control header that could result in session cookies being cached by a CDN...

7.7CVSS6.4AI score0.00364EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/27 12:0 a.m.6 views

Linux kernel 资源管理错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in Linux kernel that stems from the ethskbpkttype function accessing skb data that does not contain an Ethernet header, which...

7.8CVSS6.3AI score0.00181EPSS
Exploits0References7
OSV
OSV
added 2025/02/04 7:36 p.m.6 views

CVE-2025-24964 Remote Code Execution when accessing a malicious website while Vitest API server is listening

Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking CSWSH attacks. When api option is enabled Vitest UI enables it, Vitest starts a...

9.6CVSS8.7AI score0.0067EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/10/01 12:0 a.m.6 views

PT-2024-15265 · Kiteworks · Kiteworks Owncloud

Name of the Vulnerable Software and Affected Versions: Kiteworks OwnCloud affected versions not specified Description: Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty strin...

6.8CVSS6.5AI score0.00205EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/03/02 12:0 a.m.3 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a driver that can process packets without the rfc1042 header...

7.1CVSS6AI score0.00236EPSS
Exploits0References8
OSV
OSV
added 2023/10/30 5:15 p.m.5 views

CVE-2023-36920

In SAP Enable Now - versions WPBMANAGER 1.0, WPBMANAGERCE 10, WPBMANAGERHANA 10, ENABLENOWCONSUMPDEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated attacker to attempt clickjacking, which could result in disclosure or modification of information...

6.1CVSS5.8AI score0.0031EPSS
Exploits0References2
Prion
Prion
added 2023/10/26 3:15 p.m.23 views

Code injection

ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to...

4.9CVSS5.7AI score0.00437EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/07/11 12:0 a.m.4 views

SAP Enable Now 安全漏洞

SAP Enable Now is a collaborative content creation, management and sharing platform from SAP. The platform is primarily used for online learning and training in SAP and non-SAP systems, among other things. A security vulnerability exists in SAP Enable Now that stems from an unimplemented...

5.3CVSS5.7AI score0.00404EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/06/13 3:19 p.m.3 views

flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header

A flaw was found in the Python Flask package. A cached response may contain data for one client sent by a proxy to other clients, including session cookies, resulting in the compromise of data confidentiality contained in the leak requests or cookies. This happens when the following conditions ar...

7.5CVSS7.1AI score0.01261EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 6:8 a.m.3 views

SUSE CVE-2008-2119

Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing aka pedanticsipchecking is enabled, allows remote attackers to cause a denial of service daemon crash via a SIP INVITE message that lacks a From header, related to...

4.3CVSS6.8AI score0.07273EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:25 a.m.6 views

SUSE CVE-2014-8638

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery...

6.8CVSS8.5AI score0.0102EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2023/02/15 5:11 a.m.4 views

SUSE CVE-2015-8466

Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header...

7.4CVSS7.3AI score0.02013EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.5 views

Siemens SCALANCE Series 安全漏洞

The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed.A security vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices due to a specific security header missing from the affected device's web server...

5.3CVSS6.6AI score0.00677EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/10/25 12:0 a.m.4 views

PT-2022-24910 · Openfga · Openfga

Name of the Vulnerable Software and Affected Versions: openfga/openfga versions 0.2.3 and prior Description: OpenFGA is an authorization/permission engine. The streamed-list-objects endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users who ar...

5.3CVSS6.8AI score0.00672EPSS
Exploits0References10
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.4 views

Siemens SINEMA Remote Connect Server 安全特征问题漏洞

SINEMA Remote Connect is a remote network management platform that makes it easy to manage tunneled connections VPNs between headquarters, service technicians, and installed machines or plants.A standard security check implementation error vulnerability exists in Siemens SINEMA Remote Connect...

4.3CVSS5.7AI score0.00631EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/11/08 12:0 a.m.5 views

Jetbrains JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a distributed build management and continuous integration tool from Czech company JetBrains Jetbrains. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.JetBrains TeamCity has a security vulnerability that stems from a missi...

5.3CVSS5.6AI score0.00685EPSS
Exploits0References3
OSV
OSV
added 2020/04/02 8:15 p.m.3 views

CVE-2019-19002

For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting...

5.4CVSS5.8AI score0.00793EPSS
Exploits0References1
Rows per page
Query Builder