Lucene search
K

737 matches found

CNNVD
CNNVD
added 2025/04/14 12:0 a.m.4 views

IBM Aspera Console 安全漏洞

IBM Aspera Console is a Web-based application from International Business Machines IBM, Inc. Allows users to centrally manage, monitor and control Aspera servers nodes and transports. A security vulnerability exists in IBM Aspera Console 3.4.4 and prior versions, which stems from improper...

5.4CVSS4.6AI score0.00202EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/14 12:0 a.m.3 views

libsoup 安全漏洞

libsoup is a GNOME HTTP client/server library from the GNOME Project. A security vulnerability exists in libsoup that stems from an HTTP/2 server that does not fully validate pseudo header values, which could lead to a denial of service...

7.5CVSS7.4AI score0.00532EPSS
Exploits0References3
Veracode
Veracode
added 2025/04/10 7:59 a.m.8 views

Host Header Injection

@react-router/express, @remix-run/express is vulnerable to Host header injection. The vulnerability exists due to improper validation of the Host and X-Forwarded-Host headers, allowing attackers to spoof the request URL by injecting a pathname into the port section of the header...

7.5CVSS7.4AI score0.01151EPSS
Exploits0References3Affected Software2
CNNVD
CNNVD
added 2025/04/07 12:0 a.m.3 views

Graylog 授权问题漏洞

Graylog is a centralized log management solution from Graylog, Inc. in the United States. The product supports capturing, storing, and analyzing logs in real-time, among other things. An authorization issue vulnerability exists in Graylog versions 6.1 through 6.1.9, which stems from a failure of...

6.5CVSS6.3AI score0.00289EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.11 views

CBL Mariner 2.0 Security Update: php (CVE-2025-1736)

The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1736 advisory. - In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when...

7.3CVSS6.4AI score0.00531EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.9 views

Azure Linux 3.0 Security Update: php (CVE-2025-1736)

The version of php installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1736 advisory. - In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when...

7.3CVSS6.4AI score0.00531EPSS
Exploits0References2
OSV
OSV
added 2025/03/30 6:15 a.m.4 views

DEBIAN-CVE-2025-1736

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted...

7.3CVSS6.2AI score0.00531EPSS
Exploits0References1
OSV
OSV
added 2025/03/30 6:15 a.m.7 views

AZL-59331 CVE-2025-1736 affecting package php for versions less than 8.3.19-1

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted...

7.3CVSS6.7AI score0.00531EPSS
Exploits0References1
OSV
OSV
added 2025/03/30 6:15 a.m.8 views

AZL-59303 CVE-2025-1736 affecting package php for versions less than 8.1.32-1

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted...

7.3CVSS6.7AI score0.00531EPSS
Exploits0References1
OSV
OSV
added 2025/03/30 6:15 a.m.6 views

AZL-59315 CVE-2025-1734 affecting package php for versions less than 8.1.32-1

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when receiving headers from HTTP server, the headers missing a colon : are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers...

6.3CVSS6.7AI score0.00481EPSS
Exploits0References1
OSV
OSV
added 2025/03/30 6:15 a.m.12 views

CVE-2025-1736

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted...

7.3CVSS7.1AI score
Exploits0References3
CVE
CVE
added 2025/03/30 5:49 a.m.1525 views

CVE-2025-1736

CVE-2025-1736 affects PHP 8.1.x before 8.1.32, 8.2.x before 8.2.28, 8.3.x before 8.3.19, and 8.4.x before 8.4.5. The issue is caused by insufficient validation of end-of-line characters in user-supplied headers, which may prevent certain headers from being sent or cause headers to be misinterpret...

7.3CVSS6.2AI score0.00531EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/03/30 5:49 a.m.20 views

CVE-2025-1736 Stream HTTP wrapper header check might omit basic auth header

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted...

6.3CVSS0.00531EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/03/30 5:49 a.m.17 views

CVE-2025-1736

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted...

7.3CVSS6.2AI score0.00531EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2025/03/28 1:54 p.m.1 views

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2024-52530: strictly don't allow NUL bytes in headers bsc1233285 glgoGNOME/libsoup377. CVE-2024-52532: websocket: Process the frame as soon as we read data bsc1233287 glgoGNOME/libsoup391. CVE-2024-52531: be more robust against invalid input...

8.7CVSS7.3AI score0.00933EPSS
Exploits2References12
SUSE Linux
SUSE Linux
added 2025/03/25 11:9 a.m.3 views

Security update for python-gunicorn

This update for python-gunicorn fixes the following issues: CVE-2024-6827: Fixed improper validation of the 'Transfer-Encoding' header value can allow for HTTP request smuggling attacks bsc1239830 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...

8.7CVSS7.8AI score0.00738EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/03/22 12:35 p.m.8 views

CVE-2024-7819

A CORS misconfiguration in danswer-ai/danswer v1.4.1 allows attackers to steal sensitive information such as chat contents, API keys, and other data. This vulnerability occurs due to improper validation of the origin header, enabling malicious web pages to make unauthorized requests to the...

7.4CVSS6.5AI score0.00261EPSS
Exploits0References1
OSV
OSV
added 2025/03/20 12:32 p.m.9 views

GHSA-HC5X-X2VX-497G Gunicorn HTTP Request/Response Smuggling vulnerability

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...

7.5CVSS6.9AI score0.00738EPSS
Exploits0References7
NVD
NVD
added 2025/03/20 10:15 a.m.5 views

CVE-2024-7819

A CORS misconfiguration in danswer-ai/danswer v1.4.1 allows attackers to steal sensitive information such as chat contents, API keys, and other data. This vulnerability occurs due to improper validation of the origin header, enabling malicious web pages to make unauthorized requests to the...

7.4CVSS0.00261EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.10 views

CVE-2024-6827 HTTP Request Smuggling in benoitc/gunicorn

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...

7.5CVSS7.5AI score0.00738EPSS
Exploits0References1
Rows per page
Query Builder