
736 matches found

Debian CVE
added 2026/03/25 10:27 a.m., 3 views

CVE-2026-23318

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Use correct version for UAC3 header validation. The entry of the validators table for UAC3 AC header descriptor is defined with the wrong protocol version UAC_VERSION_2, while it should have been UAC_VERSION_3. This...

7.1 CVSS, 5.2 AI score, 0.00132 EPSS
Exploits: 0
ATTACKERKB
added 2026/03/25 10:27 a.m., 4 views

CVE-2026-23318

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Use correct version for UAC3 header validation. The entry of the validators table for UAC3 AC header descriptor is defined with the wrong protocol version UAC_VERSION_2, while it should have been UAC_VERSION_3. This...

5.6 AI score, 0.00132 EPSS
Exploits: 0, References: 9, Affected Software: 1
Positive Technologies
added 2026/03/25 12:0 a.m., 8 views

PT-2026-28126

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6. Description: The software is susceptible to HTTP header injection due to inadequate input validation of the HOST headers. This could enable an attacker to perform various...

6.5 CVSS, 5.6 AI score, 0.00221 EPSS
Exploits: 0, References: 4
CNNVD
added 2026/03/25 12:0 a.m., 6 views

IBM InfoSphere Information Server security vulnerability

IBM InfoSphere Information Server is IBM's enterprise-class data integration platform for data quality governance, data integration and master data management. A security vulnerability exists in IBM InfoSphere Information Server that stems from improper validation of HOST header input. An attacke...

6.5 CVSS, 5.7 AI score, 0.00221 EPSS
Exploits: 0, References: 2
EUVD
added 2026/03/24 9:31 p.m., 8 views

EUVD-2026-15002

HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks...

6.3 CVSS, 5.8 AI score, 0.0015 EPSS
Exploits: 0, References: 2
NVD
added 2026/03/24 9:16 p.m., 3 views

CVE-2026-21790

HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks...

6.3 CVSS, 0.0015 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/03/24 8:4 p.m., 18 views

CVE-2026-21790 HCL Traveler is susceptible to a weak default HTTP header validation vulnerability

HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks...

6.3 CVSS, 0.0015 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/03/24 8:4 p.m., 5 views

CVE-2026-21790

HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks...

6.3 CVSS, 5.8 AI score, 0.0015 EPSS
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2026/03/24 8:4 p.m., 5 views

CVE-2026-21790 HCL Traveler is susceptible to a weak default HTTP header validation vulnerability

HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks...

6.3 CVSS, 5.8 AI score, 0.0015 EPSS
Exploits: 0, References: 1
CVE
added 2026/03/24 8:4 p.m., 7 views

CVE-2026-21790

HCL Traveler is affected by CVE-2026-21790, a weak default HTTP header validation vulnerability that could allow bypassing authentication checks. The CVSS v3.1 base score is 6.3 (MEDIUM), with network attack vector, low attack complexity, and privileges required. The impact is low for confidentia...

6.3 CVSS, 5.8 AI score, 0.0015 EPSS
Exploits: 0, References: 1
IBM Security Bulletins
added 2026/03/24 7:29 p.m., 9 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Undertow

Summary: Multiple vulnerabilities in Undertow that is used by InfoSphere Information Server were addressed. Vulnerability Details: CVEID: CVE-2024-3884. DESCRIPTION: A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the...

9.6 CVSS, 5.8 AI score, 0.01209 EPSS
Exploits: 0, Affected Software: 1
RedhatCVE
added 2026/03/24 9:41 a.m., 6 views

CVE-2026-33252

A flaw was found in the Go MCP SDK's Streamable HTTP transport, which uses Go's standard encoding/json package. In deployments without authorization, a remote attacker can exploit this Cross-Site Request Forgery (CSRF) vulnerability. By sending browser-generated cross-site POST requests to a local...

7.1 CVSS, 5.7 AI score, 0.00178 EPSS
Exploits: 0, References: 5
Positive Technologies
added 2026/03/24 12:0 a.m., 4 views

PT-2026-27498

HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks...

6.3 CVSS, 5.8 AI score, 0.0015 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/03/24 12:0 a.m., 9 views

HCL Traveler security vulnerability

HCL Traveler is a software from HCL India. It is used to provide automatic, bi-directional, wireless synchronization between HCL Domino servers and wireless handheld devices. HCL Traveler has a security vulnerability that stems from weak HTTP header validation, which can be exploited by an attack...

6.3 CVSS, 5.8 AI score, 0.0015 EPSS
Exploits: 0, References: 1
NVD
added 2026/03/23 10:16 p.m., 2 views

CVE-2026-32913

OpenClaw before 2026.3.7 contains an improper header validation vulnerability in fetchWithSsrFGuard that forwards custom authorization headers across cross-origin redirects. Attackers can trigger redirects to different origins to intercept sensitive headers like X-Api-Key and Private-Token intend...

9.3 CVSS, 0.00316 EPSS
Exploits: 0, References: 3
CVE
added 2026/03/23 9:36 p.m., 11 views

CVE-2026-32913

OpenClaw prior to version 2026.3.7 has an improper header validation in fetchWithSsrFGuard that forwards custom authorization headers across cross-origin redirects. This allows an attacker to trigger redirects to different origins and intercept headers such as X-Api-Key and Private-Token intended...

9.3 CVSS, 5.8 AI score, 0.00316 EPSS
Exploits: 0, References: 3, Affected Software: 1
EUVD
added 2026/03/23 9:36 p.m., 10 views

EUVD-2026-14599

OpenClaw before 2026.3.7 contains an improper header validation vulnerability in fetchWithSsrFGuard that forwards custom authorization headers across cross-origin redirects. Attackers can trigger redirects to different origins to intercept sensitive headers like X-Api-Key and Private-Token intend...

9.3 CVSS, 5.8 AI score, 0.00316 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/03/20 12:0 a.m., 4 views

PT-2026-26779

Name of the Vulnerable Software and Affected Versions: Ory Oathkeeper, affected versions not specified. Description: Ory Oathkeeper, when deployed behind components like CDNs or reverse proxies, may incorrectly evaluate rules due to improper handling of the X-Forwarded-Proto header. The configuration...

6.5 CVSS, 5.7 AI score, 0.00233 EPSS
Exploits: 0, References: 6
OSV
added 2026/03/18 5:47 p.m., 5 views

CVE-2026-32632 Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding

Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent...

5.9 CVSS, 6 AI score, 0.0016 EPSS
Exploits: 1, References: 5
RedHat Linux
added 2026/03/18 1:17 p.m., 8 views

undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without...

9.6 CVSS, 7.6 AI score, 0.01179 EPSS
Exploits: 0, References: 4