Lucene search
+L

758 matches found

Cvelist
Cvelist
added 2026/06/25 6:0 p.m.22 views

CVE-2026-46611 Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...

5.3CVSS0.00156EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 1:16 p.m.4 views

CVE-2026-42389 Reject more queries with invalid header values

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...

5.3CVSS5.9AI score0.00175EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/25 9:31 a.m.9 views

EUVD-2026-39336

In the Linux kernel, the following vulnerability has been resolved: netfilter: require Ethernet MAC header before using ethhdr ip6teui64, xtmac, the bitmap:ip,mac, hash:ip,mac, and hash:mac ipset types, and nflogsyslog access ethhdrskb after either assuming that the skb is associated with an...

5.7AI score0.00431EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52291

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A heap overflow exists in the build i2c fw hdr function. The function allocates a fixed-size buffer but copies a number of bytes determined by the Length variable from the firmware file...

7.8CVSS6.1AI score0.00153EPSS
Exploits0References22
OSV
OSV
added 2026/06/24 1:10 p.m.7 views

OESA-2026-2698 libsoup3 security update

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. Security Fixes: A flaw was found in libsoup. The HTTP/2 server in libsoup may not...

8.6CVSS6.9AI score0.00947EPSS
Exploits1References7
OSV
OSV
added 2026/06/24 11:7 a.m.4 views

BIT-NIFI-2026-54665 Apache NiFi: Missing Validation for Proxy Host Headers

Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header without validating the values provided. Apache NiFi 1.6.0 introduced a configurable application property to restrict values provided in...

6.3CVSS5.9AI score0.00268EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 7:14 a.m.16 views

CVE-2026-52942

The CVE corresponds to a Linux kernel netfilter nf_log issue where the fallback dump_mac_header() could read past the buffer if the MAC header was not set. The root cause was testing mac_header against network_header without verifying skb_mac_header_was_set(), causing skb_mac_header to point far ...

7.1CVSS5.7AI score0.00123EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/06/24 7:14 a.m.36 views

CVE-2026-52942 netfilter: nf_log: validate MAC header was set before dumping it

In the Linux kernel, the following vulnerability has been resolved: netfilter: nflog: validate MAC header was set before dumping it The fallback path of dumpmacheader guards the MAC header access only with "skb-macheader != skb-networkheader", without checking skbmacheaderwasset. When the MAC...

7.1CVSS0.00123EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/22 9:31 p.m.11 views

Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack

Summary The Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. CVE-2026-32632 patched in 4.5.2 added TrustedHostMiddleware to the REST/WebUI server; the MCP server has had equivalent protectio...

5.3CVSS6.1AI score0.00156EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/22 8:17 a.m.16 views

CVE-2026-54665

Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header without validating the values provided. Apache NiFi 1.6.0 introduced a configurable application property to restrict values provided in...

6.3CVSS0.00268EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 7:34 a.m.47 views

CVE-2026-54665 Apache NiFi: Missing Validation for Proxy Host Headers

Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header without validating the values provided. Apache NiFi 1.6.0 introduced a configurable application property to restrict values provided in...

6.3CVSS0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 7:34 a.m.12 views

EUVD-2026-38216

Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header without validating the values provided. Apache NiFi 1.6.0 introduced a configurable application property to restrict values provided in...

6.3CVSS5.9AI score0.00268EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 7:34 a.m.28 views

CVE-2026-54665

Apache NiFi (versions 0.0.1–2.9.0) is affected by an input-validation flaw where URL redirection/data references can be influenced by non-standard host headers. NiFi 1.6.0 added a proxy-host header validation mechanism, but validation was not applied to alternative headers (X-ProxyHost, X-Forward...

6.3CVSS5.9AI score0.00268EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/22 7:34 a.m.4 views

CVE-2026-54665 Apache NiFi: Missing Validation for Proxy Host Headers

Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header without validating the values provided. Apache NiFi 1.6.0 introduced a configurable application property to restrict values provided in...

6.3CVSS6AI score0.00268EPSS
Exploits0References5
OSV
OSV
added 2026/06/19 11:2 a.m.4 views

SUSE-SU-2026:2466-1 Security update for azure-storage-azcopy

This update for azure-storage-azcopy fixes the following issues Update to 10.32.4: - CVE-2025-47907: database/sql: incorrect results returned from Rows.Scan bsc1247720. - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header...

9.6CVSS6.3AI score0.01557EPSS
Exploits1References12
OSV
OSV
added 2026/06/19 9:44 a.m.4 views

SUSE-SU-2026:2464-1 Security update for python313

This update for python313 fixes the following issues Security issues: - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-3446: Base64 decoding stops at first padded quad by default bsc1261970. - CVE-2026-4786: oss-security CPython: Incomplete mitigati...

9.1CVSS6.3AI score0.00579EPSS
Exploits1References13
EUVD
EUVD
added 2026/06/18 4:13 p.m.12 views

EUVD-2026-37913

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...

5.1CVSS5.3AI score0.00289EPSS
Exploits0References4
CVE
CVE
added 2026/06/18 4:13 p.m.28 views

CVE-2026-54106

CVE-2026-54106 affects the U.S. GAO EPDS and CBCA EDS login flow, where X-Forwarded-For headers are not validated. The underlying issue allows a remote attacker who has compromised administrator credentials to bypass network access controls and log in, potentially gaining access to restricted doc...

5.1CVSS5.3AI score0.00289EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.23 views

PT-2026-50743

Name of the Vulnerable Software and Affected Versions opentelemetry-collector-contrib affected versions not specified Description The githubreceiver webhook handler fails to enforce the required headers configuration. While these headers are validated during startup, they are not checked on...

6.9CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.24 views

PT-2026-50706

Name of the Vulnerable Software and Affected Versions U.S. GAO Electronic Protest Docketing System EPDS affected versions not specified U.S. CBCA Electronic Docketing System EDS affected versions not specified Description The U.S. Government Accountability Office GAO Electronic Protest Docketing...

5.1CVSS5.8AI score0.00289EPSS
Exploits0References8
Rows per page
Query Builder