Lucene search
+L

244 matches found

redhatcve
redhatcve
added 2026/07/09 12:5 p.m.6 views

CVE-2026-59892

A flaw was found in the @opentelemetry/propagator-jaeger component of OpenTelemetry JavaScript. This vulnerability allows an unauthenticated remote attacker to send specially crafted HTTP header values, specifically uber-trace-id and uberctx-. The component improperly decodes these values without...

7.5CVSS6AI score0.00436EPSS
Exploits0References6
euvd
euvd
added 2026/06/22 9:4 p.m.10 views

EUVD-2026-38369

Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by submitting malformed values, zero, or duplicate headers that result in NaN or falsy values. Remote attackers can manipulate the x-limited-key-id header ...

6.4CVSS5.9AI score0.00251EPSS
Exploits0References2
ibm
ibm
added 2026/06/19 2:25 p.m.4 views

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities Host Header Injection observed

Summary Vulnerabilities have been identified in Host Header Injection , which is used in IBM Engineering Lifecycle Management -Engineering Workflow Management Vulnerability Details CVEID:CVE-2024-51454 DESCRIPTION: IBM Engineering Workflow Management is vulnerable to HTTP header injection, caused...

6.5CVSS5.8AI score0.00181EPSS
Exploits0Affected Software1
attackerkb
attackerkb
added 2026/06/18 4:13 p.m.8 views

CVE-2026-54106

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...

5.1CVSS5.4AI score0.00289EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/05/29 12:0 a.m.13 views

cpp-httplib 环境问题漏洞

cpp-httplib is a C++ library developed by Yhirose, which includes HTTP/HTTPS server and client components. Versions of cpp-httplib prior to 0.44.0 contained an environmental issue vulnerability. This vulnerability stemmed from the server’s request parsing process, where percent signs were decoded...

9.9CVSS5.8AI score0.00295EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/05/28 3:28 p.m.9 views

CVE-2026-47675

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the serialize function in hono/cookie validates domain and path options against characters that corrupt Set-Cookie header syntax ;, \r, \n, but does not apply the same validation to sameSite an...

4.3CVSS5.8AI score0.00216EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2026/05/23 12:0 a.m.10 views

UserSpice 跨站脚本漏洞

UserSpice is an open-source PHP framework for user management and identity authentication developed by UserSpice. Version 4.3.24 of userSpice contains a cross-site scripting vulnerability. This vulnerability stems from the injection of malicious scripts through the X-Forwarded-For HTTP header,...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References2
nvd
nvd
added 2026/05/20 7:16 a.m.12 views

CVE-2026-2955

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

6.4CVSS0.00223EPSS
Exploits0References2
euvd
euvd
added 2026/05/20 5:31 a.m.13 views

EUVD-2026-31064

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

6.4CVSS6AI score0.00223EPSS
Exploits0References2
redhat
redhat
added 2026/05/19 6:30 p.m.34 views

cpython: wsgiref.headers.Headers allows header newline injection in Python

Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9CVSS7AI score0.00463EPSS
Exploits0References7
githubexploit
githubexploit
added 2026/04/29 9:16 p.m.99 views

Exploit for CRLF Injection in Useplunk Plunk

CVE-2026-34975 — CRLF Email Header Injection in Plunk via raw...

8.5CVSS5.7AI score0.00194EPSS
Exploits2
snyk
snyk
added 2026/04/29 8:54 p.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Proxy process. An attacker can access internal services, retrieve sensitive cloud metadata, port-scan internal networks, or trigger internal-only endpoints by creating a cluster node with an...

9.9CVSS5.8AI score0.00318EPSS
Exploits1References2
nessus
nessus
added 2026/04/22 12:0 a.m.17 views

RHEL 9 : nodejs:20 (RHSA-2026:9874)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9874 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

8.7CVSS7.4AI score0.26356EPSS
Exploits2References10
nessus
nessus
added 2026/04/16 12:0 a.m.8 views

RHEL 8 : nodejs:20 (RHSA-2026:8339)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8339 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

8.7CVSS6.8AI score0.26356EPSS
Exploits2References11
euvd
euvd
added 2026/04/13 3:31 p.m.3 views

EUVD-2026-21918

Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking MCP: 0.1.0. Users are recommended to upgrade to version 0.2.0, which fixes this issue...

7.1CVSS5.8AI score0.00346EPSS
Exploits0References2
osv
osv
added 2026/04/13 12:0 a.m.16 views

ALSA-2026:7896 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophi...

8.7CVSS7.1AI score0.26356EPSS
Exploits2References10
nessus
nessus
added 2026/04/12 12:0 a.m.7 views

RockyLinux 10 : nodejs22 (RLSA-2026:7080)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7080 advisory. brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547 minimatch: minimatch: Denial of Service via...

9.8CVSS7AI score0.26356EPSS
Exploits2References19
osv
osv
added 2026/04/10 6:16 p.m.4 views

DEBIAN-CVE-2026-1502

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7CVSS5.2AI score0.00562EPSS
Exploits0References1
redhat
redhat
added 2026/04/09 1:38 p.m.9 views

Important: Red Hat Security Advisory: nodejs22 security update

An update for nodejs22 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

9.8CVSS7.2AI score0.26356EPSS
Exploits2References9
redhat
redhat
added 2026/04/09 1:4 p.m.6 views

Important: Red Hat Security Advisory: nodejs:22 security update

An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.8AI score0.26356EPSS
Exploits2References10
Rows per page
Query Builder