Lucene search
+L

77 matches found

Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.9 views

PT-2026-22889

SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...

8.2CVSS5.9AI score0.00217EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/25 10:41 p.m.6 views

Open Redirect

Overview @angular/ssr is a the Angular server side rendering utilities. Affected versions of this package are vulnerable to Open Redirect via the internal URL processing logic when handling the X-Forwarded-Prefix header. An attacker can cause users to be redirected to arbitrary external domains b...

7.2CVSS6.1AI score0.00302EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/25 4:40 p.m.22 views

CVE-2026-27738 Angular SSR has an Open Redirect via X-Forwarded-Prefix

The Angular SSR is a server-rise rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, the 20.x branch prior to 20.3.17, and the 21.x branch prior to 21.1.5 and 21.2.0-rc.1. The logic...

6.9CVSS0.00302EPSS
Exploits0References4
CVE
CVE
added 2026/02/25 4:40 p.m.24 views

CVE-2026-27738

CVE-2026-27738 describes an open redirect in Angular SSR’s internal URL processing. In affected Angular SSR versions on the 19.x branch prior to 19.2.21, 20.x prior to 20.3.17, and 21.x prior to 21.1.5 and 21.2.0-rc.1, the logic that normalizes URL segments by stripping a single leading slash can...

6.9CVSS5.6AI score0.00302EPSS
Exploits0References4
OSV
OSV
added 2026/02/25 4:40 p.m.8 views

CVE-2026-27738 Angular SSR has an Open Redirect via X-Forwarded-Prefix

The Angular SSR is a server-rise rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, the 20.x branch prior to 20.3.17, and the 21.x branch prior to 21.1.5 and 21.2.0-rc.1. The logic...

6.9CVSS5.7AI score0.00302EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/28 3:16 a.m.5 views

CVE-2026-24489

Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF Carriage Return Line Feed sequences in user-supplied header values and names. When making HTTP...

5.3CVSS6AI score0.0036EPSS
Exploits1References1
CVE
CVE
added 2026/01/27 12:36 a.m.25 views

CVE-2026-24489

Gakido is a Python HTTP client vulnerable to HTTP header injection (CRLF/NULL) in versions prior to 0.1.1. The vulnerability arises from user-controlled header names/values not being sanitized, allowing an attacker to inject arbitrary headers into requests. The fix added in 0.1.1 provides a dedic...

5.3CVSS6AI score0.0036EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/27 12:36 a.m.8 views

EUVD-2026-4832

Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF Carriage Return Line Feed sequences in user-supplied header values and names. When making HTTP...

5.3CVSS6AI score0.0036EPSS
Exploits1References3
OSV
OSV
added 2026/01/27 12:36 a.m.5 views

CVE-2026-24489 Gakido vulnerable to HTTP Header Injection (CRLF Injection)

Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF Carriage Return Line Feed sequences in user-supplied header values and names. When making HTTP...

5.3CVSS6AI score0.0036EPSS
Exploits1References5
Snyk
Snyk
added 2026/01/26 11:29 p.m.2 views

HTTP Response Splitting

Overview gakido is a High-performance CPython HTTP client with browser impersonation. Affected versions of this package are vulnerable to HTTP Response Splitting via improper sanitization of user-supplied header values and names in the canonicalizeheaders function. An attacker can inject arbitrar...

6.9CVSS6AI score0.0036EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.7 views

PT-2026-4842

Name of the Vulnerable Software and Affected Versions Gakido versions prior to 0.1.1 Description Gakido, a Python HTTP client designed for browser impersonation and anti-bot evasion, contains a flaw that allows for HTTP header injection. This occurs due to the lack of proper sanitization of...

5.3CVSS6.1AI score0.0036EPSS
Exploits1References17
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 9 : toolbox-0.0.99.4-6.el9 (AXSA:2023-6916:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6916:03 advisory. go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper...

9.8CVSS8.1AI score0.04561EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.10 views

MiracleLinux 9 : buildah-1.31.3-1.el9 (AXSA:2023-6640:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6640:04 advisory. golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPA...

9.8CVSS8.3AI score0.04561EPSS
Exploits1References12
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 9 : containernetworking-plugins-1.3.0-4.el9 (AXSA:2023-6651:02)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6651:02 advisory. golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPA...

9.8CVSS8.3AI score0.04561EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.13 views

RockyLinux 8 : container-tools:rhel8 (RLSA-2023:2758)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2758 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions CVE-2022-196...

7.5CVSS7.2AI score0.05623EPSS
Exploits5References29
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.5 views

RockyLinux 8 : container-tools:4.0 (RLSA-2023:2802)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2802 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions CVE-2022-196...

7.5CVSS7.1AI score0.05623EPSS
Exploits5References29
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-1853

Malicious code in bioql PyPI...

6.3CVSS6.6AI score0.00396EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/07 6:30 a.m.2 views

Cross-site Scripting (XSS)

Overview django-aws-api-gateway-websockets is a Created to allow Django projects to be used as a HTTP backend for AWS API Gateway websockets Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the lack of sanitization an HTTP header in the...

5.4CVSS5.5AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 1:21 p.m.8 views

CVE-2018-14887

Improper Host header sanitization in the dbfilter routing component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows a remote attacker to deny access to the service and to disclose database names via a crafted request...

6.5CVSS6.8AI score0.01808EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:5 a.m.5 views

CVE-2018-20808

An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX...

6.1CVSS6AI score0.01602EPSS
Exploits0References1
Rows per page
Query Builder