Lucene search
K

13007 matches found

EUVD
EUVD
added 2026/06/17 12:47 p.m.9 views

EUVD-2025-210242

Unauthenticated Local File Inclusion in Line Agency = 1.3.1 versions...

8.1CVSS5.1AI score0.00348EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.27 views

CVE-2025-69175 WordPress Line Agency theme <= 1.3.1 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Line Agency = 1.3.1 versions...

8.1CVSS0.00348EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 8:13 a.m.30 views

CVE-2026-27869 WEB SERVICE (HTTP) DENIAL OF SERVICE VIA SLOW HEADERS ON REGESTA SMART HD-PLC OF TELDAT

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, NO registration action is required who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service DoS on the web interface of the device. This issue affects Regesta Smart...

6.9CVSS0.00394EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/16 8:5 a.m.4 views

postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory

A flaw was found in PostgreSQL libpq. A server superuser can exploit a buffer overflow vulnerability in the PQfn function, which is used by client functions such as loexport, loread, lolseek64, and lotell64. This allows the superuser to send an arbitrarily large response, overwriting the client's...

8.8CVSS6.4AI score0.00464EPSS
Exploits0References5
Fedora
Fedora
added 2026/06/16 1:3 a.m.20 views

[SECURITY] Fedora 44 Update: 7zip-26.01-1.fc44

7-Zip is a file archiver with a high compression ratio. The main features of 7-Zip are: High compression ratio in 7z format with LZMA and LZMA2 compression Supported formats: Packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM Unpacking only: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT,...

8.8CVSS5.3AI score0.00938EPSS
Exploits8
EUVD
EUVD
added 2026/06/15 8:46 p.m.11 views

EUVD-2026-36468

Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted...

5.3CVSS5.3AI score0.00232EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/15 8:46 p.m.9 views

Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted

Summary Before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all whitespace. RFC 9112 §2.2 only asks servers to ignore empty CRLF lines preceding the request-line — a carefully scoped robustness allowance...

5.3CVSS5.3AI score0.00232EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/15 8:9 p.m.7 views

GHSA-63HW-FMQ6-XXG2 aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines

Summary It is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. Impact If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send oversized lines through the HTTP parser and use an excessive amount of memory, potential...

8.7CVSS5.4AI score0.00322EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/15 8:9 p.m.16 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the C HTTP parser when the maxlinesize check is bypassed for fragmented lines. An attacker can cause excessive memory consumption by sending oversized HTTP request lines, potential...

8.7CVSS5.3AI score0.00322EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 8:9 p.m.11 views

aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines

Summary It is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. Impact If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send oversized lines through the HTTP parser and use an excessive amount of memory, potential...

8.7CVSS5.4AI score0.00322EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/15 8:7 p.m.8 views

GHSA-M6QW-4CW2-HM4M aiohttp: CRLF injection in multipart headers

Summary Attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. Impact In the unlikely situation that an application is passing user-controlled strings into MultipartWriter.appendheaders=... or Payload.headers, the...

6.9CVSS5.4AI score0.00301EPSS
Exploits0References3
OSV
OSV
added 2026/06/15 5:26 p.m.35 views

GHSA-HMW2-7CC7-3QXX form-data: CRLF injection in form-data via unescaped multipart field names and filenames

Summary form-data builds multipart/form-data request bodies. Through v4.0.5, the field name passed to FormDataappend and the filename option are concatenated directly into the Content-Disposition header with no escaping of CR \r, LF \n, or ". An application that uses untrusted input as a field na...

8.7CVSS5.5AI score0.00409EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/15 8:36 a.m.15 views

CVE-2026-50020

A flaw was found in Netty. The HttpObjectDecoder component, which processes incoming HTTP requests, incorrectly skips certain control characters and whitespace before reading the first request line. This behavior, which goes beyond standard HTTP protocol requirements, can lead to request-boundary...

5.3CVSS4.9AI score0.00232EPSS
Exploits0References6
OSV
OSV
added 2026/06/15 12:0 a.m.7 views

UBUNTU-CVE-2026-43966

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...

6.3CVSS5.5AI score0.00313EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.20 views

PT-2026-49591

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description An issue exists in the C parser of the asynchronous HTTP client/server framework where the max line size check can be bypassed in parts of an HTTP request. When using the optimized C parser, which i...

8.7CVSS5.9AI score0.00322EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.16 views

PT-2026-49536

Name of the Vulnerable Software and Affected Versions browserstack-cypress-cli versions prior to 1.36.4 Description The browserstack-cypress-cli allows users to run Cypress tests on BrowserStack. An OS command injection is possible through the cypress config file configuration parameter. In the...

7.8CVSS5.6AI score0.00533EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 8:57 p.m.15 views

Malicious code in claudechor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a9cbb36cf7ed82685830b5d3a2b341bff9ef86e2688842d1f54259b2b6fb533 The package's bin entry reads installer-owned Claude credential files /.claude/.credentials.json and /.claude.json — written by Anthropic's official...

5.3AI score
Exploits0References5
CVE
CVE
added 2026/06/12 8:37 p.m.22 views

CVE-2026-42853

Vulnerability: CVE-2026-42853 affects ApostropheCMS CLI (@apostrophecms/cli) versions up to 3.6.0. Description: command injection in the apos create flow caused by embedding unsanitized password-prompt input directly into a shell command, enabling arbitrary command execution on the host. Root cau...

6.5CVSS5.8AI score0.00428EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 8:16 p.m.10 views

CVE-2026-42850

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

8.8CVSS0.00287EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/06/12 7:21 p.m.97 views

aetherion

/\ | | | | | |...

8.8CVSS5.4AI score0.00541EPSS
Exploits12
Rows per page
Query Builder