736 matches found

OSV
added 2026/02/03 9:12 p.m. · 5 views

CVE-2026-25151 Qwik City has a CSRF Protection Bypass via Content-Type Header Validation

Qwik is a performance-focused JavaScript framework. Prior to version 1.19.0, Qwik City’s server-side request handler inconsistently interprets HTTP request headers, which can be abused by a remote attacker to circumvent form submission CSRF protections using specially crafted or multi-valued...

CVSS 5.9 · AI score 5.5 · EPSS 0.00159
Exploits: 0 · References: 4
Cvelist
added 2026/02/03 9:12 p.m. · 25 views

CVE-2026-25151 Qwik City has a CSRF Protection Bypass via Content-Type Header Validation

Qwik is a performance-focused JavaScript framework. Prior to version 1.19.0, Qwik City’s server-side request handler inconsistently interprets HTTP request headers, which can be abused by a remote attacker to circumvent form submission CSRF protections using specially crafted or multi-valued...

CVSS 5.9 · EPSS 0.00159
Exploits: 0 · References: 2
OSV
added 2026/02/03 5:20 p.m. · 7 views

RLSA-2026:1148 Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Bluetooth: hci_event: call disconnect callback before deleting conn (CVE-2023-53673); kernel: ASoC: Intel: bytcr_rt5640: Fix invalid...

CVSS 7.8 · AI score 5.5 · EPSS 0.00335
Exploits: 0 · References: 5
EUVD
added 2026/02/03 11:39 a.m. · 10 views

EUVD-2026-5307

Summary: An Insecure Direct Object Reference has been found to exist in the createHeaderBasedEmailResolver function within the Cloudflare Agents SDK. The issue occurs because the Message-ID and References headers are parsed to derive the target agentName and agentId without proper validation or origin...

CVSS 6.9 · AI score 5.5 · EPSS 0.00366
Exploits: 0 · References: 1
Positive Technologies
added 2026/02/03 12:00 a.m. · 13 views

PT-2026-6054

Name of the Vulnerable Software and Affected Versions: Cloudflare Agents SDK versions prior to 0.3.7. Description: An Insecure Direct Object Reference exists in the createHeaderBasedEmailResolver function. The issue arises because the Message-ID and References headers are parsed to determine the...

CVSS 6.9 · AI score 5.7 · EPSS 0.00366
Exploits: 0 · References: 2
AlmaLinux
added 2026/01/26 12:00 a.m. · 8 views

Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Bluetooth: hci_event: call disconnect callback before deleting conn (CVE-2023-53673); kernel: ASoC: Intel: bytcr_rt5640: Fix invalid...

CVSS 7.8 · AI score 6.9 · EPSS 0.00335
Exploits: 0 · References: 10
CNNVD
added 2026/01/23 12:00 a.m. · 8 views

ALGO 8180 IP Audio Alerter security vulnerability

ALGO 8180 IP Audio Alerter is an IP speaker developed by ALGO Corporation. The ALGO 8180 IP Audio Alerter has a security vulnerability. This vulnerability stems from the lack of data length validation when processing the Alert-Info header of SIP INVITE requests, which may lead to a stack buffer overflow...

CVSS 9.8 · AI score 7.6 · EPSS 0.00631
Exploits: 0 · References: 1
Tenable Nessus
added 2026/01/22 12:00 a.m. · 7 views

Azure Linux 3.0 Security Update: libsoup (CVE-2025-32908)

The version of libsoup installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-32908 advisory. - A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-...

CVSS 7.5 · AI score 7.3 · EPSS 0.00502
Exploits: 0 · References: 2
Tenable Nessus
added 2026/01/20 12:00 a.m. · 5 views

MiracleLinux 8 : java-11-openjdk-11.0.24.0.8-3.el8 (AXSA:2024-8581:14)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8581:14 advisory. OpenJDK: RangeCheckElimination array index overflow (8323231, CVE-2024-21147); OpenJDK: potential UTF8 size overflow (8314794, CVE-2024-21131); OpenJDK:...

CVSS 7.4 · AI score 8.3 · EPSS 0.01257
Exploits: 0 · References: 7
Tenable Nessus
added 2026/01/20 12:00 a.m. · 6 views

MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.422.b05-2.el8 (AXSA:2024-8592:14)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8592:14 advisory. OpenJDK: RangeCheckElimination array index overflow (8323231, CVE-2024-21147); OpenJDK: potential UTF8 size overflow (8314794, CVE-2024-21131); OpenJDK:...

CVSS 7.4 · AI score 8.3 · EPSS 0.01257
Exploits: 0 · References: 7
CVE
added 2026/01/15 6:33 p.m. · 21 views

CVE-2025-67647

CVE-2025-67647 affects SvelteKit. Before 2.49.5, it allows server-side request forgery (SSRF) and DoS under prerender conditions. From 2.44.0 to 2.49.4, a DoS can occur if at least one prerendered route exists (export const prerender = true). From 2.19.0 to 2.49.4, DoS/SSRF can occur when there i...

CVSS 9.1 · AI score 6.4 · EPSS 0.00466
Exploits: 0 · References: 2 · Affected Software: 2
ATTACKERKB
added 2026/01/15 6:33 p.m. · 4 views

CVE-2025-67647

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable to server-side request forgery (SSRF) and denial of service (DoS) under certain conditions. From 2.44.0 through 2.49.4, the vulnerability results in a DoS when...

CVSS 9.1 · AI score 5.6 · EPSS 0.00466
Exploits: 0 · References: 3 · Affected Software: 1
Snyk
added 2026/01/15 6:09 p.m. · 4 views

Server-side Request Forgery (SSRF)

Overview: @sveltejs/kit is a SvelteKit framework and CLI. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to the improper decoding of protocol headers in the resolved path. An attacker can cause the server process to terminate or access internal services by...

CVSS 9.1 · AI score 6.8 · EPSS 0.00466
Exploits: 0 · References: 3
Positive Technologies
added 2026/01/15 12:00 a.m. · 7 views

PT-2026-3088

Name of the Vulnerable Software and Affected Versions: SvelteKit versions 2.19.0 through 2.49.4. Description: SvelteKit is susceptible to server-side request forgery (SSRF) and denial of service (DoS) under specific conditions. The framework, downloaded over 800,000 times per week, is affected in versio...

CVSS 8.4 · AI score 6.8 · EPSS 0.00466
Exploits: 0 · References: 14
RedhatCVE
added 2026/01/14 8:22 p.m. · 7 views

CVE-2025-68925

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2...

CVSS 6.9 · AI score 7.1 · EPSS 0.00128
Exploits: 0 · References: 1
EUVD
added 2026/01/14 4:49 p.m. · 4 views

EUVD-2026-2451

BlackSheep is an asynchronous web framework to build event-based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing header validation makes it possible for an attacker to modify the HTTP requests, e.g. insert a new...

CVSS 6.3 · AI score 6 · EPSS 0.00307
Exploits: 0 · References: 5
ATTACKERKB
added 2026/01/14 4:49 p.m. · 3 views

CVE-2026-22779

BlackSheep is an asynchronous web framework to build event-based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing header validation makes it possible for an attacker to modify the HTTP requests, e.g. insert a new...

CVSS 6.3 · AI score 5.6 · EPSS 0.00307
Exploits: 0 · References: 4 · Affected Software: 1
Positive Technologies
added 2026/01/14 12:00 a.m. · 4 views

PT-2026-2925

Name of the Vulnerable Software and Affected Versions: BlackSheep versions prior to 2.4.6. Description: BlackSheep, an asynchronous web framework for building event-based web applications with Python, has an issue in its HTTP Client implementation. Missing validation of headers allows an attacker to...

CVSS 6.3 · AI score 6.5 · EPSS 0.00307
Exploits: 0 · References: 10
CNNVD
added 2026/01/14 12:00 a.m. · 6 views

BlackSheep injection vulnerability

BlackSheep is an open source web application framework from Neoteroi. BlackSheep versions before 2.4.6 have an injection vulnerability. The vulnerability stems from the lack of header validation in the HTTP client implementation, which could allow an attacker to modify the HTTP request or...

CVSS 6.3 · AI score 6.9 · EPSS 0.00307
Exploits: 0 · References: 4
Cvelist
added 2026/01/13 7:30 p.m. · 22 views

CVE-2025-68925 Jervis has a JWT Algorithm Confusion Vulnerability

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2...

CVSS 6.9 · EPSS 0.00128
Exploits: 0 · References: 2