
Cvelist
added 2025/06/26 2:45 p.m., 8 views

CVE-2025-53007 arduino-esp32 vulnerable to CRLF injection in WebServer.cpp

arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain a HTTP Response Splitting vulnerability. The sendHeader function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP header line, and appends this to the outgoi...

CVSS 9.3, EPSS 0.00396
Exploits 0, References 4
Veracode
added 2025/06/09 6:00 a.m., 16 views

Cross-site WebSocket Hijacking

webpack-dev-server is vulnerable to Cross-site WebSocket hijacking. The vulnerability is due to improper Origin header validation, which permits IP address origins and allows attackers to hijack WebSocket connections and steal source code via malicious websites...

CVSS 6.5, AI score 6.4, EPSS 0.00287
Exploits 1, References 6, Affected Software 1
Snyk
added 2025/05/30 6:43 a.m., 1 view

Unintended Proxy or Intermediary ('Confused Deputy')

Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' due to the improper validation of X-Forwarded-For and Forwarded headers forwarded from untrusted proxies. An attacker can manipulate the server's behavior by sending crafted headers fro...

CVSS 8.6, AI score 6.9, EPSS 0.00276
Exploits 0, References 2
RedhatCVE
added 2025/05/23 12:00 p.m., 5 views

CVE-2025-24013

CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or...

CVSS 5.3, AI score 6.8, EPSS 0.00477
Exploits 0, References 1
RedhatCVE
added 2025/05/23 3:36 a.m., 18 views

CVE-2023-2848

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...

CVSS 8.8, AI score 6.7, EPSS 0.00309
Exploits 0, References 1
RedhatCVE
added 2025/05/23 2:28 a.m., 35 views

CVE-2023-7080

The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary cod...

CVSS 8.5, AI score 7.4, EPSS 0.00583
Exploits 0, References 1
RedhatCVE
added 2025/05/23 12:50 a.m., 16 views

CVE-2022-20688

A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause Cisco Discovery Protocol service to restart. This vulnerability is due ...

CVSS 5.3, AI score 8.1, EPSS 0.00935
Exploits 0, References 1
RedhatCVE
added 2025/05/22 11:50 p.m., 5 views

CVE-2022-22757

Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration. This vulnerability affect...

CVSS 6.5, AI score 6.2, EPSS 0.00233
Exploits 0, References 1
OSV
added 2025/05/22 1:15 a.m., 2 views

DEBIAN-CVE-2025-3887

GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...

CVSS 8.8, AI score 8.7, EPSS 0.00708
Exploits 0, References 1
RedHat Linux
added 2025/05/13 1:59 p.m., 6 views

php: Stream HTTP wrapper header check might omit basic auth header

A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...

CVSS 7.3, AI score 5.7, EPSS 0.00511
Exploits 0, References 5
RedHat Linux
added 2025/05/13 1:59 p.m., 37 views

php: Stream HTTP wrapper header check might omit basic auth header

A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...

CVSS 7.3, AI score 5.7, EPSS 0.00511
Exploits 0, References 5
Debian
added 2025/05/01 9:37 a.m., 12 views

[SECURITY] [DLA 4151-1] golang-github-gorilla-csrf security update

-------------------------------------------------------------------------- Debian LTS Advisory DLA-4151-1 [email protected] https://www.debian.org/lts/security/ Andrej Shadura May 01, 2025 https://wiki.debian.org/LTS -...

CVSS 6, AI score 5.6, EPSS 0.00345
Exploits 0
RedHat Linux
added 2025/04/28 3:19 p.m., 6 views

php: Stream HTTP wrapper header check might omit basic auth header

A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...

CVSS 7.3, AI score 5.7, EPSS 0.00511
Exploits 0, References 5
Veracode
added 2025/04/25 8:13 a.m., 10 views

Validation Bypass

Fastify is vulnerable to validation bypass. The vulnerability is due to improper normalization and matching of the Content-Type header, allowing attackers to evade validation by altering casing or whitespace...

CVSS 7.5, AI score 6.7, EPSS 0.00635
Exploits 1, References 6, Affected Software 1
OSV
added 2025/04/16 5:54 a.m., 4 views

CLSA-2025-1744782851 php: Fix of CVE-2025-1736

CVE-2025-1736: add checking of http user header crlf...

CVSS 7.3, AI score 5.8, EPSS 0.00511
Exploits 0, References 1
OSV
added 2025/04/14 9:15 p.m., 5 views

CVE-2022-43847

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

CVSS 5.4, AI score 5.3, EPSS 0.00185
Exploits 0, References 1
OSV
added 2025/04/14 11:39 a.m., 9 views

BIT-PHP-MIN-2025-1736 Stream HTTP wrapper header check might omit basic auth header

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers being misinterpreted...

CVSS 7.3, AI score 6, EPSS 0.00511
Exploits 0, References 4
OSV
added 2025/04/14 3:15 a.m., 6 views

PYSEC-2025-171

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD3Importer::ValidateSurfaceHeaderOffsets of the file code/AssetLib/MD3/MD3Loader.cpp of the component File Handler. The manipulation leads to heap-based buffer...

CVSS 3.3, AI score 5.9, EPSS 0.0023
Exploits 1, References 5
CNNVD
added 2025/04/14 12:00 a.m., 4 views

IBM Aspera Console security vulnerability

IBM Aspera Console is a Web-based application from International Business Machines (IBM) that allows users to centrally manage, monitor and control Aspera server nodes and transports. A security vulnerability exists in IBM Aspera Console 3.4.4 and prior versions, which stems from improper...

CVSS 5.4, AI score 4.6, EPSS 0.00185
Exploits 0, References 2
CNNVD
added 2025/04/14 12:00 a.m., 2 views

libsoup security vulnerability

libsoup is a GNOME HTTP client/server library from the GNOME Project. A security vulnerability exists in libsoup that stems from an HTTP/2 server that does not fully validate pseudo header values, which could lead to a denial of service...

CVSS 7.5, AI score 7.4, EPSS 0.00502
Exploits 0, References 3