197 matches found

OSV
added 2026/05/29 8:16 p.m., 9 views

DEBIAN-CVE-2026-45372

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. The validity check is_field_value is run before decoding, so encode...

CVSS 9.9, AI score 5.6, EPSS 0.00295
Exploits: 1, References: 1

OSV
added 2026/05/29 8:16 p.m., 9 views

UBUNTU-CVE-2026-45372

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. The validity check is_field_value is run before decoding, so encode...

CVSS 9.9, AI score 5.6, EPSS 0.00295
Exploits: 1, References: 5

ATTACKERKB
added 2026/05/29 7:21 p.m., 10 views

CVE-2026-45372

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. The validity check is_field_value is run before decoding, so encode...

CVSS 9.9, AI score 5.6, EPSS 0.00295
Exploits: 1, References: 2, Affected Software: 1

Positive Technologies
added 2026/05/19 12:00 a.m., 17 views

PT-2026-41897

Name of the Vulnerable Software and Affected Versions: HestiaCP versions 1.9.0 through 1.9.4. Description: A deserialization issue exists in the web terminal component due to a session format mismatch between PHP and Node.js. This allows unauthenticated remote attackers to achieve root-level code...

CVSS 10, AI score 6.3, EPSS 0.01072
Exploits: 0, References: 10

Mageia
added 2026/05/15 6:17 a.m., 10 views

Updated perl-HTTP-Tiny packages fix security vulnerability

HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. CVE-2026-7010...

CVSS 6.5, AI score 5.8, EPSS 0.00227
Exploits: 0, References: 3

OSV
added 2026/05/13 9:16 p.m., 5 views

DEBIAN-CVE-2026-42561

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individu...

CVSS 7.5, AI score 5.8, EPSS 0.00549
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/13 8:55 p.m., 7 views

CVE-2026-42561

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individu...

CVSS 7.5, AI score 5.8, EPSS 0.00549
Exploits: 0, References: 2, Affected Software: 1

Tenable Nessus
added 2026/05/11 12:00 a.m., 8 views

Unity Linux 20.1070e Security Update: jetty (UTSA-2026-017747)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017747 advisory. In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 inclusive, 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large numbe...

CVSS 5.3, AI score 6.7, EPSS 0.7795
Exploits: 0, References: 4

EUVD
added 2026/05/01 12:00 a.m., 15 views

EUVD-2026-26693

OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elfloader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF header without overflow checking. On 32-bit embedded systems (STM32MP1, Zynq, i.MX), large values can...

CVSS 8.4, AI score 5.9, EPSS 0.00253
Exploits: 0, References: 3

Snyk
added 2026/04/29 6:22 p.m., 4 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the WAV file processing path when the multiplication of samplesperblock and blocks exceeds the maximum value for a 32-bit integer, resulting in an integer overflow before assignment to a 64-bit variable...

CVSS 7.5, AI score 6, EPSS 0.00504
Exploits: 1, References: 2

CVE
added 2026/04/29 11:44 a.m., 87 views

CVE-2026-42249

CVE-2026-42249 affects Ollama for Windows and is a remote code execution in the update mechanism caused by improper handling of attacker-controlled HTTP response headers. Update file paths are built from header-derived values and passed to filepath.Join, enabling path traversal (../) and writing ...

CVSS 9.8, AI score 6.5, EPSS 0.00625
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2026/04/29 12:00 a.m., 10 views

Ollama path traversal vulnerability

Ollama is an open-source tool developed by Ollama that can be run locally, used for managing and customizing large language models. Versions of Ollama from 0.12.10 to 0.17.5 have a path traversal vulnerability. This vulnerability stems from the improper handling of HTTP response headers in the...

CVSS 9.8, AI score 6.2, EPSS 0.00625
Exploits: 0, References: 1

SUSE CVE
added 2026/04/17 11:25 p.m., 5 views

SUSE CVE-2026-35469

spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...

CVSS 6.5, AI score 5.7, EPSS 0.00656
Exploits: 0, References: 13

Debian CVE
added 2026/04/16 9:19 p.m., 4 views

CVE-2026-35469

spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...

CVSS 8.7, AI score 5.5, EPSS 0.00656
Exploits: 0

Positive Technologies
added 2026/04/02 12:00 a.m., 4 views

PT-2026-29923

Summary: Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename or name instead of removing the folded line break during unfolding. As a result,...

CVSS 4.8, AI score 5.8, EPSS 0.00227
Exploits: 0, References: 4

CNNVD
added 2026/04/02 12:00 a.m., 7 views

Rack security vulnerability

Rack is a modular Ruby web server interface developed by Rack authors. Vulnerabilities exist in versions of Rack prior to 2.2.23, 3.1.21, and 3.2.6. These vulnerabilities stem from Rack::Sendfile#map_accel_path directly inserting the values of the X-Accel-Mapping request header into regular...

CVSS 7.5, AI score 5.8, EPSS 0.00209
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/17 9:44 a.m., 5 views

CVE-2026-3634

A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the soup_message_headers_set_content_type function. This vulnerability allows for the injection of arbitrary...

CVSS 3.9, AI score 5.8, EPSS 0.00184
Exploits: 1, References: 4

Snyk
added 2026/03/11 6:44 p.m., 3 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via unsanitized header or query parameter match values in the HTTPRoute resource. An attacker can bypass listener hostname constraints and...

CVSS 7.6, AI score 5.8, EPSS 0.00277
Exploits: 0, References: 2

RustSec
added 2026/03/11 12:00 p.m., 10 views

`Authorization::value` and `WwwAuthenticate::value` can violate ASCII invariants

Authorization::value uses HeaderValue::value with the claim that the internal string is ASCII, but Authorization::new and Authorization::set_credentials accept arbitrary String credentials without validation. As a result, safe code can construct a header value containing non-ASCII UTF-8 while the...

AI score 5.7
Exploits: 0

CVE
added 2026/03/10 9:58 p.m., 27 views

CVE-2026-31838

CVE-2026-31838 describes a vulnerability in Istio where an Envoy RBAC header matching could bypass authorization when policies rely on HTTP headers with multiple values. Affected are Istio deployments using Envoy before versions 1.29.1, 1.28.5, or 1.27.8. An attacker could craft requests with mul...

CVSS 6.9, AI score 5.8, EPSS 0.00214
Exploits: 0, References: 2, Affected Software: 1
