27 matches found

Snyk
added 2024/09/19 11:50 p.m. | 1 view

HTTP Request Smuggling

Overview: Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process...

CVSS 8.2 | AI score 6.9 | EPSS 0.00803
Exploits: 0 | References: 2

Vulnrichment
added 2024/09/19 10:42 p.m. | 20 views

CVE-2024-45614 Header normalization allows for client to clobber proxy set headers in Puma

Puma is a Ruby/Rack web server built for parallelism. In affected versions, clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing an underscore version of the same header (X-Forwarded_For). Any users relying on proxy-set variables are affected. v6.4.3/v5.6.9 now...

CVSS 5.4 | AI score 6.9 | EPSS 0.00803
Exploits: 0 | References: 2

Cvelist
added 2024/09/19 10:42 p.m. | 30 views

CVE-2024-45614 Header normalization allows for client to clobber proxy set headers in Puma

Puma is a Ruby/Rack web server built for parallelism. In affected versions, clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing an underscore version of the same header (X-Forwarded_For). Any users relying on proxy-set variables are affected. v6.4.3/v5.6.9 now...

CVSS 5.4 | EPSS 0.00803
Exploits: 0 | References: 2

RedHat Linux
added 2023/10/09 10:29 a.m. | 0 views

Node.js: Regular Expression Denial of Service in Headers fetch API

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...

CVSS 7.5 | AI score 7.2 | EPSS 0.00305
Exploits: 0 | References: 4

OSV
added 2023/02/16 6:15 p.m. | 1 view

DEBIAN-CVE-2023-24807

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...

CVSS 7.5 | AI score 7 | EPSS 0.00305
Exploits: 0 | References: 1

CNNVD
added 2021/12/09 12:0 a.m. | 1 view

Google Golang Resource Management Error Vulnerability

Google Golang is a static, strongly typed, compiled language from Google. The syntax of Go is close to C, but with differences in variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hall's Communicating Sequential Processes (CSP), and other languages with a...

CVSS 7.5 | AI score 7 | EPSS 0.00088
Exploits: 0 | References: 54

Check Point Advisories
added 2015/07/16 12:0 a.m. | 1 view

Suspicious Sender Address

Most mail transfer agents perform certain normalizations over mail headers, including the sender address. A non-normalized sender address may imply a non-standard mail transfer agent, which could indicate suspicious activity...

AI score 1.6
Exploits: 0