Lucene search
K

3724 matches found

RedHat Linux
RedHat Linux
added 2026/04/08 6:17 p.m.7 views

Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header

A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named proto. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an...

7.5CVSS5.9AI score0.26356EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/08 6:17 p.m.4 views

Important: Red Hat Security Advisory: nodejs:22 security update

An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.3AI score0.26356EPSS
Exploits2References11
RedHat Linux
RedHat Linux
added 2026/04/08 1:58 p.m.5 views

Important: Red Hat Security Advisory: nodejs22 security update

An update for nodejs22 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8CVSS5.9AI score0.26356EPSS
Exploits2References10
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.3 views

SUSE SLES12 Security Update : google-cloud-sap-agent (SUSE-SU-2026:1195-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1195-1 advisory. This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 bsc1259816: - CVE-2026-33186:...

9.1CVSS6AI score0.01557EPSS
Exploits1References5
OSV
OSV
added 2026/04/08 12:0 a.m.6 views

ALSA-2026:7123 Important: nodejs:22 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547 minimatch: minimatch: Denial of Service via...

9.8CVSS6.9AI score0.26356EPSS
Exploits2References20
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 11:1 a.m.4 views

Security Bulletin: Memory Exhaustion Vulnerability in quic-go HTTP/3 Header Processing, affects watsonx.data

Summary quic-go versions 0.56.0 and below are vulnerable to memory exhaustion via specially crafted QPACK-encoded HEADERS frames. Insufficient limits on decoded header sizes allow attackers to trigger excessive memory allocation. This issue is fixed in version 0.57.0. This can affect watsonx.data...

5.3CVSS7.1AI score0.00325EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/04/07 10:25 a.m.4 views

SUSE-SU-2026:1198-1 Security update for ignition

This update for ignition fixes the following issue: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260251...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References3
OSV
OSV
added 2026/04/07 10:25 a.m.4 views

SUSE-SU-2026:1197-1 Security update for ignition

This update for ignition fixes the following issue: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260251...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References3
SUSE Linux
SUSE Linux
added 2026/04/07 10:25 a.m.3 views

Security update for ignition

This update for ignition fixes the following issue: CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260251 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

8.6CVSS5.9AI score0.01557EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/06 8:8 p.m.17 views

CVE-2026-35213 Regular Expression Denial of Service (ReDoS) in @hapi/content HTTP header parsing

@hapi/content provided HTTP Content- headers parsing. All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition headers contain patterns...

8.7CVSS0.00413EPSS
Exploits0References2
OSV
OSV
added 2026/04/06 7:58 a.m.2 views

BIT-NODE-MIN-2026-21710

A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...

7.5CVSS7.2AI score0.26356EPSS
Exploits0References17
Github Security Blog
Github Security Blog
added 2026/04/04 4:23 a.m.9 views

@hapi/content: Regular Expression Denial of Service (ReDoS) in HTTP header parsing

All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition headers contain patterns susceptible to catastrophic backtracking. This has been...

8.7CVSS5.4AI score0.00413EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/03 11:43 p.m.22 views

CVE-2026-34767 Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via...

5.9CVSS0.00211EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/03 5:8 a.m.7 views

CVE-2025-66485

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

5.4CVSS5.9AI score0.002EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/02 12:31 a.m.4 views

EUVD-2025-209182

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

5.4CVSS5.9AI score0.002EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/01 11:1 p.m.2 views

CVE-2025-66485 Multiple vulnerabilities have been addressed in IBM Aspera Shares

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

5.4CVSS5.9AI score0.002EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/01 11:1 p.m.19 views

CVE-2025-66485 Multiple vulnerabilities have been addressed in IBM Aspera Shares

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

5.4CVSS0.002EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/01 11:1 p.m.3 views

CVE-2025-66485

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

5.4CVSS5.9AI score0.002EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/01 10:50 p.m.6 views

CVE-2026-34514

A flaw was found in AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python. A remote attacker, by manipulating the contenttype parameter, could inject additional HTTP headers. This could lead to unexpected behavior or bypass certain security measures within applications...

6.9CVSS5.8AI score0.00315EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.12 views

Amazon Linux 2023 : python3.13-tornado (ALAS2023-2026-1528)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1528 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for head...

8.7CVSS6.6AI score0.00396EPSS
Exploits0References10
Rows per page
Query Builder