Lucene search
+L

245 matches found

RedHat Linux
RedHat Linux
added 2026/04/09 1:4 p.m.6 views

Important: Red Hat Security Advisory: nodejs:22 security update

An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.8AI score0.26356EPSS
Exploits2References10
Rockylinux
Rockylinux
added 2026/04/09 12:1 a.m.7 views

nodejs:22 security update

An update is available for nodejs, module.nodejs-packaging, nodejs-packaging, module.nodejs, nodejs-nodemon, module.nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS6.9AI score0.26356EPSS
Exploits2
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.7 views

NVIDIA Triton Inference Server 安全漏洞

NVIDIA Triton Inference Server is an open-source software developed by NVIDIA Corporation. It helps standardize model deployment and provide fast, scalable AI in production environments. NVIDIA Triton Inference Server has a security vulnerability. This vulnerability arises from the possibility of...

7.5CVSS5.8AI score0.00471EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.8 views

aiohttp 环境问题漏洞

aiohttp is an open-source framework developed by aio-libs, used for asynchronous HTTP client/server interactions with asyncio and Python. Versions of aiohttp prior to 3.13.4 contained environmental issues; these issues stemmed from aiohttp’s ability to allow multiple host headers...

6.3CVSS5.8AI score0.00288EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/25 8:20 p.m.7 views

CVE-2026-33223

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header Nats-Request-Info: is supposed to be a guarantee of identity by the NATS server, but the stripping of this header from inbound messages was...

6.4CVSS5.8AI score0.00211EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/03/23 2:53 a.m.7 views

Moderate: Red Hat Security Advisory: python3.9 security update

An update for python3.9 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

6CVSS7.3AI score0.0056EPSS
Exploits0References4
OSV
OSV
added 2026/03/20 2:25 p.m.6 views

OESA-2026-1682 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the...

8.7CVSS5.8AI score0.00347EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/03/10 12:24 a.m.5 views

SUSE CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the...

7.5CVSS5.7AI score0.00401EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/07 7:59 a.m.6 views

CVE-2026-29046

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables HTTP. The parser did not strictly reject dangerous control characters in header lines and header values, including CR, L...

9.2CVSS5.8AI score0.00387EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.6 views

Caddy 数据伪造问题漏洞

Caddy is an open-source, cross-platform HTTP/Web server developed by the Caddy company. Versions of Caddy 2.10.0 to 2.11.2 had a data manipulation vulnerability. This vulnerability stemmed from the forwardauth copyheaders function not stripping the headers provided by the client, which could lead...

8.8CVSS7.2AI score0.00249EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/04 8:45 a.m.36 views

CVE-2026-27443 S/MIME Decryption Tag Sanitization Bypass

SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...

8.2CVSS0.00217EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/26 7:58 a.m.5 views

CVE-2026-1698 HTTP Host header vulnerability in WebClient and WebScheduler web apps

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

5.3CVSS5.5AI score0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/26 7:58 a.m.23 views

CVE-2026-1698 HTTP Host header vulnerability in WebClient and WebScheduler web apps

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

5.3CVSS0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.7 views

PcVue 安全漏洞

PcVue is a reliable, secure, and powerful operational software platform developed by PcVue Corporation. It is specifically designed for monitoring and controlling applications in markets such as building management and park management. Versions of PcVue from 15.0.0 to 16.3.3 have security...

6.1CVSS5.9AI score0.00207EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/24 8:34 p.m.10 views

Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass

Summary Caddy's HTTP host request matcher is documented as case-insensitive, but when configured with a large host list 100 entries it becomes case-sensitive due to an optimized matching path. An attacker can bypass host-based routing and any access controls attached to that route by changing the...

9.1CVSS5.7AI score0.0037EPSS
Exploits1References6Affected Software1
Rosalinux
Rosalinux
added 2026/02/16 12:24 p.m.10 views

Advisory ROSA-SA-2026-3190

Software: libsndfile 1.0.28 OS: ROSA Virtualization 2.1 unaffected versions = libsndfile-1.0.28-16.0.2.rv3 affected versions libsndfile-1.0.28-16.0.2.rv3 CVE-ID: CVE-2017-14634 BDU-ID: 2021-03755 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the double64init function of the libsndfile library is...

6.5CVSS6.3AI score0.03423EPSS
Exploits2
Rosalinux
Rosalinux
added 2026/02/16 7:27 a.m.8 views

Advisory ROSA-SA-2026-3151

Software: libsoup 2.62.3 OS: ROSA Virtualization 3.1 unaffected versions = libsoup-2.62.3-11.rv31 affected versions libsoup-2.62.3-11.rv31 CVE-ID: CVE-2025-4945 BDU-ID: 2025-10260 CVE-Crit: LOW CVE-DESC.: A vulnerability in the libsoup library of the GNOME GUI is related to integer overflow durin...

9CVSS7.5AI score0.00933EPSS
Exploits3
EUVD
EUVD
added 2026/02/04 12:0 a.m.8 views

EUVD-2025-206781

Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of service by consuming RAM memory...

7.5CVSS5.5AI score0.00478EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.6 views

Altitude Communication Server injection vulnerability

Altitude Communication Server is an IP contact center software developed by the American company Altitude. Version 8.5.3290.0 of Altitude Communication Server has a vulnerability that stems from operations on the Host header in HTTP requests. This vulnerability may lead to redirection to arbitrar...

5.1CVSS5.9AI score0.00434EPSS
Exploits0References2
CVE
CVE
added 2026/01/23 3:1 a.m.19 views

CVE-2026-0791

Summary (CVE-2026-0791) : The ALGO 8180 IP Audio Alerter is affected by a stack-based buffer overflow in the handling of the SIP INVITE Replaces header. The issue arises from insufficient validation of the length of user-supplied data before copying it into a fixed-length stack buffer, enabling r...

9.8CVSS6.5AI score0.00807EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder