Lucene search
K

349 matches found

Cvelist
Cvelist
added 2026/07/02 11:52 p.m.52 views

CVE-2026-54477 Gardyn IoT Hub Improper Neutralization of HTTP Headers for Scripting Syntax

The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks...

5.4CVSS0.00238EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-53091

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: pull headers in qdiscpktlensegsinit Most ndostartxmit methods expects headers of gso packets to be already in skb-head. net/core/tso.c users are...

8.4CVSS6AI score0.00123EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/24 8:21 p.m.8 views

CVE-2026-53091

A flaw was found in the Linux kernel's handling of Generic Segmentation Offload GSO packet headers. This vulnerability occurs when the qdiscpktlensegsinit function does not properly pull headers into the expected memory location, which can lead to incorrect processing by network drivers. A remote...

8.4CVSS5.9AI score0.00123EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 5:17 p.m.9 views

CVE-2026-53091

In the Linux kernel, the following vulnerability has been resolved: net: pull headers in qdiscpktlensegsinit Most ndostartxmit methods expects headers of gso packets to be already in skb-head. net/core/tso.c users are particularly at risk, because tsobuildhdr does a memcpyhdr, skb-data, hdrlen;...

8.4CVSS0.00123EPSS
Exploits0References5
OSV
OSV
added 2026/06/23 2:37 p.m.4 views

BIT-APISIX-2026-39998 Apache APISIX: Identity Injection via forward-auth Plugin Missing Header Cleanup

Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers. This issue affects Apache APISIX: from 2.12.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

8.8CVSS5.8AI score0.00403EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 12:8 p.m.2 views

SUSE-SU-2026:2487-1 Security update for rmt-server

This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471. -...

7.5CVSS5.9AI score0.0043EPSS
Exploits0References22
Veracode
Veracode
added 2026/06/17 6:21 p.m.13 views

Improper Handling Of HTTP Headers

hono is vulnerable to Improper Handling of HTTP Headers. The vulnerability is due to using Headers.set instead of Headers.append when processing repeated request headers, which allows multiple header values to be overwritten and truncated, potentially enabling attackers to bypass security control...

4.8CVSS5.3AI score0.00114EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/17 3:45 p.m.8 views

netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling

A flaw was found in Netty, a network application framework. A remote attacker can exploit a vulnerability in the HTTP/2 Hypertext Transfer Protocol version 2 maximum header size handling. By sending a specific SETTINGSMAXHEADERLISTSIZE setting, an attacker can cause Netty to produce an exception...

6.9CVSS5.4AI score0.00302EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/06/16 2:32 p.m.6 views

NPM: hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

NPM: hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest vulnerability discovered by ? in WordPress Npm hono versions 4.12.25...

4.8CVSS5.8AI score0.00114EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 2:32 p.m.36 views

hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

Summary On AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so every value overwrites the previous one and only the last reaches the application. Repeated reques...

4.8CVSS5.4AI score0.00114EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/06 9:14 a.m.10 views

CVE-2026-10725

Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per index...

5.7AI score0.00414EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/06/06 7:55 a.m.80 views

Exploit for CVE-2026-48595

CVE-2026-48595 - elixir-tesla tesla Vulnerability Quick Us...

8.2CVSS5.5AI score0.00396EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.10 views

EulerOS Virtualization 2.12.1 : python3 (EulerOS-SA-2026-2085)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment...

6CVSS6.7AI score0.0056EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2026/06/04 12:29 p.m.19 views

USN-8384-1: Apache HTTP Server vulnerability

It was discovered that Apache HTTP Server incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause Apache HTTP Server to consume excessive resources, resulting in a denial of service...

7.5CVSS5.5AI score0.11471EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.67 views

Traefik 2.11.x < 2.11.38 / 3.x < 3.6.9 Connection Header Bypass

The version of Traefik installed on the remote macOS host is 2.11.x prior to 2.11.38 or 3.x prior to 3.6.9. It is, therefore, affected by a vulnerability: - A flaw exists in HTTP/1.1 request handling due to case-sensitive comparison of Connection header tokens against protected header names. An...

7.5CVSS7.6AI score0.00467EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/03 10:1 p.m.14 views

CVE-2026-48595

Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.FollowRedirects strips security-sensitive headers on cross-origin redirects using a case-sensitive string comparison against a...

8.2CVSS5.8AI score0.00396EPSS
Exploits2References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/03 2:39 p.m.9 views

Security Bulletin: A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests. (CVE-2026-4096)

Summary A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests. Version 3.0.7 addresses the vulnerability. Vulnerability Details CVEID:CVE-2026-4096 DESCRIPTION: IBM DevOps Plan is vulnerable t...

6.5CVSS5.7AI score0.00149EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Tesla 安全漏洞

Tesla is an HTTP client software open source by Elixir Tesla. Versions of Tesla from 1.4.0 to 1.18.3 contained security vulnerabilities. These vulnerabilities stemmed from the use of case-sensitive string comparisons in handling security-sensitive headers. This could lead to credential leakage to...

8.2CVSS5.3AI score0.00396EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-45838

Name of the Vulnerable Software and Affected Versions tesla versions 1.4.0 through 1.18.2 Description Improper handling of case sensitivity in the Tesla.Middleware.FollowRedirects middleware allows credential leakage to third-party origins during cross-origin redirects. The system uses a...

8.2CVSS6AI score0.00396EPSS
Exploits2References13
Tenable Nessus
Tenable Nessus
added 2026/06/01 12:0 a.m.12 views

Ubuntu 25.10 / 26.04 LTS : multipart vulnerability (USN-8343-1)

The remote Ubuntu 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8343-1 advisory. It was discovered that multipart had an ambiguous regular expression alternation when handling certain HTTP header values. A remote attacker could possibl...

7.5CVSS7.3AI score0.00699EPSS
Exploits0References2
Rows per page
Query Builder