Cvelist
added 2026/01/13 7:30 p.m., 22 views

CVE-2025-68925 Jervis has a JWT Algorithm Confusion Vulnerability

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2...

CVSS 6.9, EPSS 0.00128
Exploits 0, References 2
Tenable Nessus
added 2026/01/13 12:00 a.m., 4 views

MiracleLinux 7 : java-11-openjdk-11.0.26.0.4-1.0.1.el7.AXS7 (AXSA:2025-9817:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9817:01 advisory.
- Upgrade to openjdk-11.0.26+4. The following CVEs were fixed:
- CVE-2024-21131: potential UTF8 size overflow
- CVE-2024-21138: excessive symbol...

CVSS 7.4, AI score 6.5, EPSS 0.01257
Exploits 0, References 12
CVE
added 2026/01/12 8:15 a.m., 40 views

CVE-2025-14279

The CVE details a DNS rebinding vulnerability in MLflow up to version 3.4.0 caused by lack of Origin header validation in the MLflow REST server. The issue allows an attacker to bypass Same-Origin Policy and issue unauthorized requests to REST endpoints, enabling querying, updating, and deleting ...

CVSS 8.1, AI score 7.8, EPSS 0.00193
Exploits 1, References 2, Affected Software 1
CNNVD
added 2026/01/12 12:00 a.m., 5 views

MLflow Access Control Error Vulnerability

MLflow is an open source platform from MLflow that simplifies machine learning development, including tracking experiments, packaging code into repeatable runs, and sharing and deploying models. An Access Control Error vulnerability exists in MLflow 3.4.0 and prior versions, which stems from a la...

CVSS 8.1, AI score 7.9, EPSS 0.00193
Exploits 1, References 2
RedhatCVE
added 2026/01/09 10:15 a.m., 7 views

CVE-2019-2272

Buffer overflow can occur in the display function due to lack of validation of the header block size set by the user, in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909...

CVSS 7.8, AI score 7.7, EPSS 0.00197
Exploits 0, References 1
RedHat Linux
added 2026/01/08 4:57 p.m., 5 views

undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without...

CVSS 9.6, AI score 5.8, EPSS 0.01179
Exploits 0, References 4
RedHat Linux
added 2026/01/08 4:57 p.m., 4 views

undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without...

CVSS 9.6, AI score 5.8, EPSS 0.01179
Exploits 0, References 4
RedHat Linux
added 2026/01/08 4:53 p.m., 5 views

undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without...

CVSS 9.6, AI score 5.8, EPSS 0.01179
Exploits 0, References 4
OSV
added 2026/01/08 3:48 p.m., 3 views

SUSE-SU-2026:20043-1 Security update for python-tornado6

This update for python-tornado6 fixes the following issues:
- CVE-2025-67724: Fixed missing validation of the supplied reason phrase (bsc1254903)
- CVE-2025-67725: Fixed inefficient algorithm when parsing parameters for HTTP header values (bsc1254905)
- CVE-2025-67726: Fixed Denial of Service (DoS) via...

CVSS 7.5, AI score 6.1, EPSS 0.00396
Exploits 0, References 7
Snyk
added 2026/01/07 6:30 p.m., 3 views

Improper Validation of Syntactic Correctness of Input

Overview: io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input of the request's Host header. An attacker can manipulate server behavior, potentially leading to cache...

CVSS 9.6, AI score 6, EPSS 0.01179
Exploits 0, References 2
OSV
added 2026/01/07 5:15 p.m., 8 views

CVE-2025-12543

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without...

CVSS 9.6, AI score 5.8, EPSS 0.01179
Exploits 0, References 13
OSV
added 2026/01/07 5:15 p.m., 4 views

DEBIAN-CVE-2025-12543

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without...

CVSS 9.6, AI score 7.7, EPSS 0.01179
Exploits 0, References 1
Cvelist
added 2026/01/07 4:04 p.m., 32 views

CVE-2025-12543 Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without...

CVSS 9.6, EPSS 0.01179
Exploits 0, References 15
Debian CVE
added 2026/01/07 4:04 p.m., 5 views

CVE-2025-12543

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without...

CVSS 9.6, AI score 7.7, EPSS 0.01179
Exploits 0
CVE
added 2026/01/07 9:20 a.m., 18 views

CVE-2025-13694

CVE-2025-13694 affects the WordPress plugin AA Block country (versions

CVSS 5.3, AI score 5.7, EPSS 0.00205
Exploits 0, References 3
Snyk
added 2026/01/07 4:55 a.m., 5 views

Exposed Dangerous Method or Function

Overview: playwright is a high-level API to automate web browsers. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via missing validation of the Origin header on incoming connections. An attacker can gain unauthorized access to locally running endpoints b...

CVSS 8.8, AI score 6.8, EPSS 0.00844
Exploits 0, References 2
CVE
added 2026/01/07 4:24 a.m., 32 views

CVE-2025-9611

Microsoft Playwright MCP Server prior to version 0.0.40 is vulnerable due to missing Origin header validation, enabling DNS rebinding attacks that can trigger unauthorized requests to locally running MCP tool endpoints. Affected software: MCP Server versions

CVSS 7.2, AI score 6.3, EPSS 0.00844
Exploits 0, References 3
CNNVD
added 2026/01/07 12:00 a.m., 14 views

Red Hat Undertow Security Vulnerability

Red Hat Undertow is a Java-based embedded web server from Red Hat, Inc. and is the default web server for the WildFly Java Application Server. A security vulnerability exists in Red Hat Undertow that stems from not properly validating the Host header, which could lead to cache poisoning, internal...

CVSS 9.6, AI score 6.6, EPSS 0.01179
Exploits 0, References 4
Positive Technologies
added 2026/01/01 12:00 a.m., 4 views

PT-2026-27683

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw exists in the Linux kernel's ALSA subsystem related to USB audio handling. Specifically, the validator table for UAC3 AC header descriptors incorrectly uses UAC_VERSION_2 instead ...

CVSS 7.1, AI score 5.9, EPSS 0.00132
Exploits 0, References 84
SUSE CVE
added 2025/12/25 12:56 a.m., 3 views

SUSE CVE-2023-54063

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix OOB read in indx_insert_into_buffer. Syzbot reported an OOB read bug: BUG: KASAN: slab-out-of-bounds in indx_insert_into_buffer+0xaa3/0x13b0 fs/ntfs3/index.c:1755 Read of size 17168 at addr ffff8880255e06c0 by task...

AI score 6.5, EPSS 0.002
Exploits 0, References 3