
736 matches found

CNNVD | added 2025/09/29 12:00 a.m. | 4 views

SafeDep security vulnerability

SafeDep is an open source package from SafeDep that prevents malicious open source. A security vulnerability exists in SafeDep version 1.12.4 and earlier, which stems from a lack of HTTP Host and Origin header validation and could lead to a DNS rebinding attack...

CVSS 2.1 | AI score 8.9 | EPSS 0.0038
Exploits: 0 | References: 3
Veracode | added 2025/09/25 2:53 p.m. | 6 views

Allocation Of Resources Without Limits

github.com/ulikunitz/xz is vulnerable to Allocation Of Resources Without Limits. The vulnerability is a denial of service caused by improper header validation: arbitrary data can be prepended to an LZMA stream, causing the implementation to allocate a full decode buffer and consume...

CVSS 5.3 | AI score 7.1 | EPSS 0.00385
Exploits: 0 | References: 3 | Affected Software: 1
OSV | added 2025/09/23 2:56 p.m. | 8 views

CLSA-2025-1758289909 Fix CVE(s): CVE-2025-1735, CVE-2025-1736

SECURITY UPDATE: Inadequate validation in pgsql and pdo_pgsql functions - debian/patches/CVE-2025-1735.patch: add error checks for escape function in pgsql and pdo_pgsql extensions to prevent potential security issues - CVE-2025-1735 SECURITY UPDATE: Insufficient HTTP header validation -...

CVSS 7.5 | AI score 7 | EPSS 0.00953
Exploits: 0 | References: 1
Veracode | added 2025/09/18 2:19 p.m. | 6 views

Request Smuggling

h2 is vulnerable to request smuggling. The vulnerability is due to improper validation of header names/values when downgrading HTTP/2 requests to HTTP/1.1, which allows an attacker to inject CRLF characters, manipulate request boundaries, and bypass security controls...

CVSS 6.9 | AI score 6.6 | EPSS 0.0161
Exploits: 0 | References: 5 | Affected Software: 1
Veracode | added 2025/09/18 10:59 a.m. | 6 views

HTTP Request Smuggling (HRS)

mitmproxy is vulnerable to HTTP request smuggling. The vulnerability is due to mitmproxy embedding python-hyper/h2 ≤ v4.2.0 which has a gap in its HTTP/2 header validation, which allows an attacker to smuggle requests when mitmproxy translates HTTP/2 to HTTP/1...

AI score 7
Exploits: 0
CNNVD | added 2025/09/18 12:00 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly validating the MAC header, which could lead to a null pointer dereference...

CVSS 5.5 | AI score 5.1 | EPSS 0.00137
Exploits: 0 | References: 7
RedhatCVE | added 2025/09/17 5:45 p.m. | 4 views

CVE-2025-59155

hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery SSRF vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied vi...

CVSS 6.9 | AI score 6.9 | EPSS 0.00335
Exploits: 0 | References: 1
RedhatCVE | added 2025/09/16 5:39 p.m. | 3 views

CVE-2023-53333

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one. Eric Dumazet says: nf_conntrack_dccp_packet() has an unique: dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh); And nothing more is 'pulled' from the...

CVSS 5.5 | AI score 5.9 | EPSS 0.00139
Exploits: 0 | References: 4
NVD | added 2025/09/16 5:15 p.m. | 9 views

CVE-2023-53333

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one. Eric Dumazet says: nf_conntrack_dccp_packet() has an unique: dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh); And nothing more is 'pulled' from the...

CVSS 7.1 | EPSS 0.00139
Exploits: 0 | References: 7
CNNVD | added 2025/09/15 12:00 a.m. | 3 views

HackMD MCP Server code issue vulnerability

HackMD MCP Server is a context protocol server for yuna0x0 individual developers. A code issue vulnerability exists in hackmd-mcp version 1.4.0 up to and including version 1.5.0, which stems from not validating the Hackmd-Api-Url header or base64-encoded JSON query parameter in HTTP transport mod...

CVSS 6.9 | AI score 6.7 | EPSS 0.00335
Exploits: 0 | References: 2
OSV | added 2025/09/11 5:15 p.m. | 14 views

AZL-67211 CVE-2025-39787 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure we don't read past the ELF header. When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessarily the case for other clients. Validate the size of the...

CVSS 5.5 | AI score 5.8 | EPSS 0.00148
Exploits: 0 | References: 1
OSV | added 2025/09/11 5:15 p.m. | 3 views

UBUNTU-CVE-2025-39787

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure we don't read past the ELF header. When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessarily the case for other clients. Validate the size of the...

CVSS 5.5 | AI score 6 | EPSS 0.00148
Exploits: 0 | References: 36
RedHat Linux | added 2025/09/11 12:00 p.m. | 115 views

php: Stream HTTP wrapper header check might omit basic auth header

A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...

CVSS 7.3 | AI score 5.7 | EPSS 0.00511
Exploits: 0 | References: 5
Tenable Nessus | added 2025/09/10 12:00 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2023-2848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation. CVE-2023-2848 Not...

CVSS 8.8 | AI score 7.8 | EPSS 0.00309
Exploits: 0 | References: 2
OSV | added 2025/09/05 6:15 p.m. | 16 views

AZL-66947 CVE-2025-39718 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skb_put(). When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately, virtio_vsock_skb_rx_put() uses the length...

CVSS 5.5 | AI score 6.8 | EPSS 0.00137
Exploits: 0 | References: 1
OSV | added 2025/09/04 8:02 p.m. | 9 views

CLSA-2025-1757016160 Fix CVE(s): CVE-2025-1217, CVE-2025-1734, CVE-2025-1736, CVE-2025-1861

SECURITY UPDATE: misinterpretation of HTTP response headers - debian/patches/CVE-2025-1217.patch: adds HTTP header folding support for HTTP wrapper response headers in ext/standard/http_fopen_wrapper.c - CVE-2025-1217 SECURITY UPDATE: insufficient HTTP header validation -...

CVSS 9.8 | AI score 6 | EPSS 0.0079
Exploits: 1 | References: 1
OSV | added 2025/09/04 7:37 p.m. | 4 views

CLSA-2025-1757014652 Fix CVE(s): CVE-2025-1217, CVE-2025-1734, CVE-2025-1736, CVE-2025-1861

SECURITY UPDATE: misinterpretation of HTTP response headers - debian/patches/CVE-2025-1217.patch: adds HTTP header folding support for HTTP wrapper response headers in ext/standard/http_fopen_wrapper.c - CVE-2025-1217 SECURITY UPDATE: insufficient HTTP header validation -...

CVSS 9.8 | AI score 6 | EPSS 0.0079
Exploits: 1 | References: 1
Microsoft CVE | added 2025/09/03 10:15 p.m. | 4 views

drm/amdgpu: Add basic validation for RAS header

...

CVSS 5.5 | AI score 7 | EPSS 0.00157
Exploits: 0
Debian | added 2025/09/02 10:02 p.m. | 6 views

[SECURITY] [DLA 4290-1] python-h2 security update

Debian LTS Advisory DLA-4290-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert September 02, 2025 https://wiki.debian.org/LTS Package : python-h2 Version : 4.0.0-3+deb11u1 CVE ID : CVE-2025-57804 Debian Bug : 1112348 A vulnerability has been discovered in python-h2...

CVSS 6.9 | AI score 7 | EPSS 0.0161
Exploits: 0
Tenable Nessus | added 2025/08/27 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-20740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version. CVE-2020-20740 Note that Nessus relies on the presence o...

CVSS 7.8 | AI score 7.3 | EPSS 0.01046
Exploits: 1 | References: 2