Lucene search
K

16642 matches found

CVE
CVE
added 7 hours ago8 views

CVE-2026-20146

Cisco Identity Services Engine (ISE) and ISE-PIC are affected by CVE-2026-20146. The issue stems from improper validation of user-supplied input, enabling a remote, authenticated attacker (with valid administrative credentials) to perform path traversal via a crafted HTTP request and read or dele...

5.5CVSS6.2AI score
Exploits0References1
Nuclei
Nuclei
added 19 hours ago77 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through t...

10CVSS7.1AI score0.39544EPSS
Exploits1References3
Nuclei
Nuclei
added 19 hours ago475 views

Moodle - Cross-Site Scripting/Remote Code Execution

The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before...

6.5CVSS6.8AI score0.06583EPSS
Exploits3References5
Nuclei
Nuclei
added 19 hours ago368 views

Qlik Sense Enterprise - HTTP Request Smuggling

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

9.9CVSS7.1AI score0.84967EPSS
Exploits0References5
Nuclei
Nuclei
added 19 hours ago177 views

EasySpider 0.6.2 - Arbitrary File Read

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input...

8.8CVSS5.6AI score0.03333EPSS
Exploits1References6
IBM Security Bulletins
IBM Security Bulletins
added yesterday5 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a HTTP Request Smuggling Vulnerability in Netty (CVE-2026-33870)

Summary Netty is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the Server/Agent/Relay communication system. CVE-2026-33870. Vulnerability Details CVEID:CVE-2026-33870 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to...

7.5CVSS6.6AI score0.0064EPSS
Exploits1Affected Software1
Cvelist
Cvelist
added yesterday23 views

CVE-2026-12606

Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling...

6.3CVSS0.00267EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday115 views

Citrix SD-WAN Center - Local File Inclusion

Citrix SD-WAN Center is susceptible to local file inclusion via the applianceSettingsFileTransfer function in ApplianceSettingsController. The function does not sufficiently validate or sanitize HTTP request parameter values used to construct a file system path. An attacker can trigger this...

10CVSS7.2AI score0.39335EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday94 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the apply action in StorageMgmtController. The callStoragePerl function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerabili...

10CVSS7.1AI score0.42551EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday95 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the addModifyZTDProxy function in NmsController. The function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerability by...

10CVSS7.1AI score0.39544EPSS
Exploits1References3
EUVD
EUVD
added yesterday6 views

EUVD-2026-43584

Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could result in the exposure of user responses and cause the system to become unavailable. This leads to ...

9.1CVSS6AI score0.00539EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57984

Name of the Vulnerable Software and Affected Versions Eclipse Grizzly versions prior to 5.0.2 Description An issue exists where the software cannot properly parse the trailer section in a malformed trailer header line. This flaw can be leveraged to perform HTTP request smuggling, a technique used...

6.3CVSS6.1AI score0.00267EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday9 views

PT-2026-57935

Name of the Vulnerable Software and Affected Versions SAP Approuter affected versions not specified Description An unauthenticated attacker can exploit an HTTP Request Smuggling issue by sending a specially crafted HTTP request. This leads to request-response desynchronization, a condition where...

9.1CVSS6AI score0.00539EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added yesterday2 views

EulerOS 2.0 SP10 : busybox (EulerOS-SA-2026-2641)

According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request- target path/query, allowing the request line ...

8.8CVSS7.3AI score0.00375EPSS
Exploits1References3
Nuclei
Nuclei
added 2 days ago17 views

Gradio - Server-Side Request Forgery

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP...

8.6CVSS7AI score0.37366EPSS
Exploits1References2
CVE
CVE
added 5 days ago8 views

CVE-2026-49213

TypeBot prior to version 3.17.2 contains an SSRF protection bypass in the shared validator (packages/lib/src/ssrf/validateHttpReqUrl.ts). The validator allows the IPv6 unspecified address :: (and its expanded form) to bypass local, metadata, and private range checks, enabling a workspace editor/c...

8.1CVSS6.1AI score0.00319EPSS
Exploits0References4
OSV
OSV
added 5 days ago3 views

CVE-2026-49213 TypeBot: SSRF protection bypass via IPv6 unspecified address in Typebot HTTP request execution

TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHttpReqUrl.ts can be bypassed with the IPv6 unspecified address :: because validateIPAddress blocks local, metadata, and private ranges but does not block :: or its expanded form. ...

8.1CVSS6.1AI score0.00319EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago12 views

EUVD-2026-33941

mint: Content-Length header accepts non-RFC "+" sign prefix...

6.3CVSS5.9AI score0.00301EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-56826

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.61 n8n versions prior to 2.27.4 n8n versions prior to 2.28.1 Description An authenticated member with use-only editor access to a shared workflow can read credential-populated headers exposed via the $request object...

7.1CVSS6.1AI score0.00294EPSS
Exploits0References8
Nuclei
Nuclei
added 2026/07/08 5:22 a.m.210 views

Rejetto HTTP File Server - Template injection

This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. id: CVE-2024-23692 info: name: Rejetto HTTP File Server - Template injection author: johnk3r severity: critical description: | This...

9.8CVSS7.6AI score0.99485EPSS
Exploits20References2
Rows per page
Query Builder