Lucene search
K

15 matches found

CNNVD
CNNVD
added 2026/04/29 12:0 a.m.11 views

Starman 环境问题漏洞

Starman is a high-performance pre-derived web server developed by Tatsuhiko Miyagawa. Versions of Starman prior to 0.4018 contained an environmental issue vulnerability. This vulnerability stemmed from the HTTP request intercalation technique. Due to improper handling of header priorities, Starma...

7.5CVSS5.8AI score0.00487EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2026/03/16 12:0 a.m.3 views

Huawei EulerOS: Security Advisory for libsoup (EulerOS-SA-2026-1371)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6CVSS5.8AI score0.00557EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/21 12:0 a.m.3 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : cpp-httplib vulnerability (USN-7962-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7962-1 advisory. It was discovered that cpp-httplib did not correctly handle HTTP headers. A remote attacker could possibly use this issue to bypass...

10CVSS5.7AI score0.00307EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

MiracleLinux 7 : httpd24-nghttp2-1.7.1-7.el7, httpd24-curl-7.61.1-1.el7, httpd24-httpd-2.4.34-7.el7 (AXSA:2019-3739:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3739:01 advisory. httpd: Improper handling of headers in modsession can allow a remote user to modify session data for CGI applications CVE-2018-1283 httpd: Out of...

10CVSS6.7AI score0.86006EPSS
Exploits0References39
OSV
OSV
added 2026/01/14 4:22 p.m.6 views

USN-7962-1 cpp-httplib vulnerability

It was discovered that cpp-httplib did not correctly handle HTTP headers. A remote attacker could possibly use this issue to bypass authorization and impersonate users...

10CVSS5.8AI score0.00307EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/12/28 12:0 a.m.6 views

PbootCMS 安全漏洞

PbootCMS is PbootCMS open source an open source enterprise website content management system CMS developed using PHP language. A security vulnerability exists in PbootCMS 3.2.12 and earlier versions, which stems from the incorrect operation of the Header Handler component function getuserip on th...

6.9CVSS5.4AI score0.00215EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/01 2:32 a.m.9 views

CVE-2025-13803 MediaCrush Header paths.py http headers for scripting syntax

A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown function of the file /mediacrush/paths.py of the component Header Handler. Such manipulation of the argument Host leads to improper neutralization of http headers for scripting syntax. The attack can be...

7.5CVSS0.00305EPSS
Exploits0References4
OSV
OSV
added 2025/06/16 1:37 a.m.10 views

USN-7568-1 requests vulnerabilities

Dennis Brinkrolf and Tobias Funke discovered that Requests did not correctly handle certain HTTP headers. A remote attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 14.04 LTS. CVE-2023-32681 Juho Forsén discovered that Requests did not correctly...

6.1CVSS6.7AI score0.02974EPSS
Exploits2References3
BDU FSTEC
BDU FSTEC
added 2025/04/30 12:0 a.m.10 views

The vulnerability of the netdevsim component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the netdevsim component in the Linux operating system’s kernel is related to improper handling of the network packet header in the nsimdevhealthbreakwrite function. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS6.7AI score0.00203EPSS
Exploits0References15Affected Software8
BDU FSTEC
BDU FSTEC
added 2024/03/20 12:0 a.m.7 views

The vulnerability of the aiohttp HTTP client, related to deficiencies in handling HTTP request headers, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the aiohttp HTTP client is related to deficiencies in the handling of HTTP request headers. Exploiting this vulnerability allows an attacker to send hidden HTTP requests remotely HTTP Request Smuggling attack...

7.8CVSS6.5AI score0.0085EPSS
Exploits1References7Affected Software3
SUSE CVE
SUSE CVE
added 2023/02/15 4:5 a.m.2 views

SUSE CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...

7.5CVSS7.4AI score0.02501EPSS
Exploits0References3
Snyk
Snyk
added 2022/05/13 1:12 a.m.1 views

Information Exposure

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Information Exposure due to improper handling of HTTP headers in filelib.php. An attacker can access sensitive information by intercepting requests to a caching proxy server that has previously...

6.9CVSS6.6AI score0.01538EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2020/05/26 10:43 a.m.5 views

haproxy: HTTP/2 implementation vulnerable to intermediary encapsulation attacks

The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return CR, ASCII 0xd, line feed LF, ASCII 0xa, and the zero character NUL, ASCII 0x0, aka Intermediary Encapsulation Attacks...

9.8CVSS5.8AI score0.03955EPSS
Exploits0References4
OSV
OSV
added 2020/01/21 10:15 p.m.3 views

DEBIAN-CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...

7.5CVSS7.3AI score0.02501EPSS
Exploits0References1
OSV
OSV
added 2019/11/22 7:15 p.m.4 views

CVE-2019-19240

Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak...

5.3CVSS6.4AI score0.01541EPSS
Exploits1References3
Rows per page
Query Builder