Lucene search
K

1665 matches found

FreeBSD
FreeBSD
added 2026/05/12 12:0 a.m.19 views

zeek -- potential DoS vulnerability

Wojtulewicz of Corelight reports: A specially-crafted series of MIME headers sent via SMTP or HTTP could cause Zeek to use large amounts of memory and potentially crash...

5.8AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/11 9:39 p.m.42 views

libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

7.5CVSS5.8AI score0.00829EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/05/11 9:14 p.m.5 views

CVE-2026-7010 HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values

HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker who controls one ...

5.8AI score0.00227EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 9:14 p.m.6 views

CVE-2026-7010

HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker who controls one ...

5.8AI score0.00227EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

HTTP::Tiny 注入漏洞

HTTP::Tiny is a small, simple, and correct HTTP/1.1 client developed by Perldoc. Versions prior to HTTP::Tiny 0.093 had an injection vulnerability due to unvalidated CRLF characters. This vulnerability could allow attackers to inject additional headers and request payloads...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/09 2:43 a.m.15 views

SUSE CVE-2026-33814

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

7.5CVSS5.8AI score0.00781EPSS
Exploits0References69
EUVD
EUVD
added 2026/05/07 7:41 p.m.14 views

EUVD-2026-28420

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

5.8AI score0.00781EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/05/07 7:41 p.m.8 views

CVE-2026-33814

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

7.5CVSS5.8AI score0.00781EPSS
Exploits0
Snyk
Snyk
added 2026/05/07 12:22 a.m.12 views

HTTP Request Smuggling

Overview io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling when parsed HTTP requests contain malformed Transfer-Encoding headers...

8.7CVSS5.8AI score0.00248EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/07 12:0 a.m.9 views

CVE-2026-30496

The Optoma CinemaX P2 projector firmware TVOS-04.24.010.04.01, Android 8.0.0 exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration 74 endpoints and writing/modifying settings including volume, mute,...

5.9AI score0.00326EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.8 views

Optoma CinemaX P2 安全漏洞

The Optoma CinemaX P2 is a super-short focal-length 4K laser home projector from Optoma. The Optoma CinemaX P2 has a security vulnerability, which stems from exposing the HTTP API on TCP port 2345 and allowing unauthorized remote control. This vulnerability could allow any device on the same...

9.8CVSS5.9AI score0.00326EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/06 10:16 p.m.13 views

CVE-2026-41417

Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same validation...

5.3CVSS5.8AI score0.00307EPSS
Exploits1References2
NVD
NVD
added 2026/05/06 1:16 p.m.66 views

CVE-2026-40562

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

7.5CVSS0.00319EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/06 12:36 p.m.89 views

CVE-2026-40562 Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

0.00319EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.7 views

PT-2026-37773

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise...

5.3CVSS6.5AI score0.014EPSS
Exploits0References9
Redos
Redos
added 2026/05/06 12:0 a.m.9 views

ROS-20260506-73-0044

Vulnerability in erlang related to flaws in http request handling. Exploitation of the vulnerability could allow a remote attacker to send a hidden http request http request smuggling attack...

9.4CVSS7.2AI score0.00528EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/05 3:24 a.m.50 views

CVE-2026-35228

Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects component: helper tool. The supported versions that is affected is 1.0.1-1.0.156. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MCP Server...

8.7CVSS0.00221EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/04 12:45 a.m.44 views

CVE-2026-42368 GeoVision LPC2011/LPC2211 Web Interface privilege escalation vulnerability

A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability...

9.9CVSS0.00348EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/03 12:57 a.m.33 views

EUVD-2026-26806

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

5.8AI score0.00378EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/01 9:46 a.m.62 views

CVE-2026-42404 Apache Neethi: Unrestricted HTTP Redirect Following in Policy References

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...

6.5CVSS0.00497EPSS
Exploits0References1
Rows per page
Query Builder