Lucene search
+L

35 matches found

OSV
OSV
added 2026/06/22 9:4 p.m.3 views

CVE-2026-56306 Capgo - Subkey Enforcement Bypass via x-limited-key-id Header Parsing

Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by submitting malformed values, zero, or duplicate headers that result in NaN or falsy values. Remote attackers can manipulate the x-limited-key-id header ...

5.3CVSS6AI score0.00251EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-47626

Name of the Vulnerable Software and Affected Versions Puma versions 5.5.0 through 7.2.0 Puma versions 8.0.0 through 8.0.1 Description Puma is susceptible to source IP spoofing when persistent connections are used and the set remote address proxy protocol: :v1 configuration is enabled. The issue...

7.5CVSS6.2AI score0.00177EPSS
Exploits0References12
CVE
CVE
added 2026/04/23 9:51 p.m.41 views

CVE-2026-2708

CVE-2026-2708 affects the Libsoup HTTP/1 parser. The soup_message_headers_append_common() function unconditionally appends header values without validating for duplicate or conflicting Content-Length fields, enabling HTTP request smuggling via multiple Content-Length headers with differing values...

5.3CVSS5.7AI score0.00321EPSS
Exploits1References4Affected Software2
SUSE CVE
SUSE CVE
added 2026/04/03 11:25 p.m.5 views

SUSE CVE-2026-32762

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21 and 3.2.0 to before 3.2.6, Rack::Utils.forwardedvalues parses the RFC 7239 Forwarded header by splitting on semicolons before handling quoted-string values. Because quoted values may legally contain semicolons...

6.5CVSS5.7AI score0.00179EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/04 8:47 a.m.30 views

CVE-2026-27444 Header Email Address Parsing

SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it...

7.8CVSS0.00213EPSS
Exploits0References1
CVE
CVE
added 2026/03/04 8:47 a.m.17 views

CVE-2026-27444

SEPPmail Secure Email Gateway is affected prior to version 15.0.1 due to incorrect parsing of email addresses in headers, leading to an interpretation conflict with other mail infrastructure. This can enable an attacker to fake the email source or decrypt it. The known remediation is upgrading to...

7.8CVSS5.9AI score0.00213EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/01/26 5:45 p.m.40 views

CVE-2025-57783

CVE-2025-57783 affects Hiawatha webserver (versions 8.5–11.7) and is due to improper HTTP header parsing in the fetch_request path, enabling an unauthenticated attacker to smuggle requests and access restricted resources. Connected sources corroborate this entry and also note related issues (5778...

5.3CVSS6.1AI score0.00449EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/26 5:45 p.m.4 views

CVE-2025-57783 Improper header parsing may lead to request smuggling

Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver...

5.8AI score0.00449EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/26 5:45 p.m.6 views

EUVD-2025-206340

Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver...

5.3CVSS5.8AI score0.00449EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/23 3:1 a.m.4 views

CVE-2026-0792

ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this...

8.1CVSS6.3AI score0.00631EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/10/10 8:28 p.m.3 views

GHSA-MR3Q-G2MV-MR4Q Sinatra is vulnerable to ReDoS through ETag header value generation

Summary There is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response and you are using Ruby = 3.2...

6.9CVSS6.9AI score0.00458EPSS
Exploits1References10
CNNVD
CNNVD
added 2025/10/10 12:0 a.m.5 views

Sinatra 安全漏洞

Sinatra is a Sinatra open source DSL for quickly creating web applications in Ruby with minimal effort A security vulnerability exists in Sinatra versions prior to 4.2.0 that stems from a flaw in the If-Match and If-None-Match header parsing components that could lead to a denial of service attac...

7.5CVSS6.1AI score0.00458EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2021-37149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic...

7.5CVSS7.2AI score0.02507EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-29197

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a...

7.5CVSS7.1AI score0.01216EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2025/08/21 1:53 p.m.5 views

USN-7709-1: WEBrick vulnerability

It was discovered that WEBrick incorrectly parsed HTTP headers. In configurations where WEBrick is placed behind an HTTP proxy, a remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack...

6.5CVSS6.9AI score0.00422EPSS
Exploits0
OSV
OSV
added 2025/08/21 1:53 p.m.7 views

USN-7709-1 ruby-webrick vulnerability

It was discovered that WEBrick incorrectly parsed HTTP headers. In configurations where WEBrick is placed behind an HTTP proxy, a remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack...

6.5CVSS6.6AI score0.00422EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-1734

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when receiving headers from HTTP server, the headers...

6.3CVSS6.2AI score0.00481EPSS
Exploits0References2
CVE
CVE
added 2025/08/14 4:29 p.m.21 views

CVE-2025-20244

CVE-2025-20244 affects Cisco Secure Firewall ASA/FTD Remote Access SSL VPN Web Server. The flaw arises from incomplete error checking when parsing an HTTP header field value, enabling an authenticated VPN user to trigger a device reload and DoS. Affected: ASA/FTD Remote Access VPN Web Server; imp...

7.7CVSS7.2AI score0.005EPSS
Exploits0References1
Redos
Redos
added 2025/08/13 12:0 a.m.4 views

ROS-20250813-01

A vulnerability in the tarfile module of the Python programming language interpreter CPython is associated with incorrect parsing of the file header. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...

7.5CVSS7.1AI score0.02203EPSS
Exploits2
OSV
OSV
added 2025/07/17 3:38 p.m.4 views

USN-7645-1 php7.0, php7.2 vulnerabilities

It was discovered that PHP incorrectly parsed certain HTTP response headers. An attacker could possibly use this issue to cause incorrect MIME type parsing which could result in unexpected behavior. CVE-2025-1217 It was discovered that PHP did not properly validate certain HTTP headers. An attack...

9.8CVSS6.3AI score0.00821EPSS
Exploits1References5
Rows per page
Query Builder