Lucene search

736 matches found

OSV
added 2026/02/27 11:33 a.m. | 8 views

CLSA-2026-1772192033 python2: Fix of 2 CVEs

- CVE-2026-1299: raise exceptions for malformed input to prevent processing invalid or dangerous headers
- CVE-2024-6923: encode newlines in headers and verify headers are sound...

CVSS 6 | AI score 6.9 | EPSS 0.00737
Exploits 0 | References 1
OSV
added 2026/02/26 10:59 p.m. | 4 views

CLSA-2026-1772146785 httpd: Fix of CVE-2024-42516

CVE-2024-42516: fix HTTP response splitting by reordering header validation to occur after full response header assembly...

CVSS 7.5 | AI score 6.6 | EPSS 0.00679
Exploits 0 | References 1
OSV
added 2026/02/26 10:25 a.m. | 6 views

CLSA-2026-1772101499 httpd: Fix of CVE-2024-42516

CVE-2024-42516: fix HTTP response splitting by reordering header validation to occur after full response header assembly...

CVSS 7.5 | AI score 7.1 | EPSS 0.00679
Exploits 0 | References 1
OSV
added 2026/02/26 10:21 a.m. | 5 views

CLSA-2026-1772101256 httpd: Fix of CVE-2024-42516

CVE-2024-42516: fix HTTP response splitting by reordering header validation to occur after full response header assembly...

CVSS 7.5 | AI score 7.1 | EPSS 0.00679
Exploits 0 | References 1
Snyk
added 2026/02/25 10:42 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview: @angular/build is an official build system for Angular. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the request handling pipeline due to improper validation of user-controlled HTTP headers such as Host and X-Forwarded-. An attacker can redirect...

CVSS 9.3 | AI score 6 | EPSS 0.00497
Exploits 1 | References 2
Snyk
added 2026/02/25 10:42 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview: @angular/ssr is the Angular server-side rendering utilities. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the request handling pipeline due to improper validation of user-controlled HTTP headers such as Host and X-Forwarded-. An attacker can...

CVSS 9.3 | AI score 6 | EPSS 0.00497
Exploits 1 | References 2
Snyk
added 2026/02/25 10:42 p.m. | 7 views

Server-side Request Forgery (SSRF)

Overview: @angular-devkit/build-angular is an Angular Webpack Build Facade. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the request handling pipeline due to improper validation of user-controlled HTTP headers such as Host and X-Forwarded-. An attacker ca...

CVSS 9.3 | AI score 6 | EPSS 0.00497
Exploits 1 | References 2
Positive Technologies
added 2026/02/25 12:00 a.m. | 5 views

PT-2026-21966

Name of the Vulnerable Software and Affected Versions: Angular SSR versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21. Description: Angular SSR, a server-side rendering tool for Angular applications, contains a Server-Side Request Forgery (SSRF) issue in its request handling pipeline. The...

CVSS 9.2 | AI score 7.4 | EPSS 0.00497
Exploits 1 | References 22
NVD
added 2026/02/23 9:19 p.m. | 10 views

CVE-2025-68930

Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in the /api/socket endpoint. The application fails to validate the Origin header during the WebSocket handshake. This allows a remote attacker to bypass...

CVSS 7.1 | EPSS 0.00541
Exploits 4 | References 1
Packet Storm
added 2026/02/18 12:00 a.m. | 140 views

Samsung QuramDNG Type Confusion Detector Vulnerability Scanner

This C++ scanner analyzes DNG (Digital Negative) files for the CVE-2025-58478 type confusion vulnerability in the libimagecodec.quram.so library used on Samsung devices...

CVSS 7.5 | AI score 5.5 | EPSS 0.0022
Exploits 2
CNNVD
added 2026/02/17 12:00 a.m. | 8 views

Apache Tomcat Input Validation Error Vulnerability

Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Pages (JSP) technologies. Vulnerabilities exist in versions of Apache Tomcat from 11.0.0-M1 to 11.0.14, from 10.1.0-M1 to 10.1.49, from 9.0.0-M1 to 9.0.11...

CVSS 9.1 | AI score 6.8 | EPSS 0.00235
Exploits 0 | References 1
Tenable Nessus
added 2026/02/16 12:00 a.m. | 5 views

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2025-39787)

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure we don't read past the ELF header. When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessarily the case for other clients. Validate the size of the...

CVSS 5.5 | AI score 5.5 | EPSS 0.00148
Exploits 0 | References 2
SUSE Linux
added 2026/02/11 9:10 a.m. | 4 views

Security update for libsoup

This update for libsoup fixes the following issues:
- CVE-2026-1536: Always validate the headers value when coming from an untrusted source to avoid HTTP header injection (bsc#1257440).
- CVE-2026-1761: Check length of bytes read in soup_filter_input_stream_read_until to avoid a stack-based buffer overflow...

CVSS 9.2 | AI score 6.2 | EPSS 0.00947
Exploits 1 | References 8
RedHat Linux
added 2026/02/10 8:28 p.m. | 4 views

php: Stream HTTP wrapper header check might omit basic auth header

A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...

CVSS 7.3 | AI score 5.7 | EPSS 0.00531
Exploits 0 | References 5
RedhatCVE
added 2026/02/10 7:33 a.m. | 7 views

CVE-2025-66596

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites. The affected products and versions are as follows:...

CVSS 6.9 | AI score 5.3 | EPSS 0.00153
Exploits 0 | References 1
Snyk
added 2026/02/09 8:53 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview: langsmith is a client library to connect to the LangSmith Observability and Evaluation Platform. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to the improper validation of apiurl and apikey fields in baggage headers in RunTree.fromheaders and...

CVSS 7.5 | AI score 5.9 | EPSS 0.00282
Exploits 0 | References 2
OSV
added 2026/02/09 5:16 a.m. | 4 views

CVE-2025-66596

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites. The affected products and versions are as follows:...

CVSS 6.1 | AI score 5.7 | EPSS 0.00153
Exploits 0 | References 1
Vulnrichment
added 2026/02/09 3:35 a.m. | 3 views

CVE-2025-66596

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites. The affected products and versions are as follows:...

CVSS 6.9 | AI score 5.3 | EPSS 0.00153
Exploits 0 | References 1
CNNVD
added 2026/02/09 12:00 a.m. | 6 views

Yokogawa FAST/TOOLS Security Vulnerability

Yokogawa FAST/TOOLS is a real-time operation management and visualization software developed by Yokogawa Electric Corporation. There are security vulnerabilities in the Yokogawa FAST/TOOLS R9.01 to R10.04 versions. These vulnerabilities stem from improper validation of request headers, which may...

CVSS 6.9 | AI score 5.8 | EPSS 0.00153
Exploits 0 | References 1
Positive Technologies
added 2026/02/09 12:00 a.m. | 7 views

PT-2026-7061

Name of the Vulnerable Software and Affected Versions: FAST/TOOLS versions R9.01 through R10.04. Description: The software does not properly validate request headers. An attacker inserting an invalid host header could redirect users to malicious sites. The vulnerable component is susceptible to host...

CVSS 6.9 | AI score 5.8 | EPSS 0.00153
Exploits 0 | References 6