Lucene search
+L

791 matches found

Wolfi
Wolfi
added 2026/06/19 2:33 p.m.17 views

GHSA-RJFV-PJVX-MJGV vulnerabilities

Vulnerabilities for packages: aws-load-balancer-controller...

5.8AI score
Exploits0
Patchstack
Patchstack
added 2026/06/16 2:8 p.m.8 views

NPM: hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

NPM: hono: AWS Lambda adapter merges multiple Set-Cookie headers into one value, dropping cookies on ALB single-header and Lattice vulnerability discovered by ? in WordPress Npm hono versions 4.12.25...

5.3CVSS5.8AI score0.00186EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/16 2:8 p.m.11 views

GHSA-J6C9-X7QJ-28XF hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

Summary On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attributes for example Expires dates, clients cannot split the value back into individual cookies and...

5.3CVSS5.4AI score0.00186EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/16 2:8 p.m.17 views

hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

Summary On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attributes for example Expires dates, clients cannot split the value back into individual cookies and...

5.3CVSS5.3AI score0.00186EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49734

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.25 Description On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into a single comma-separated value. According to RFC 6265, each cookie must be its own...

5.3CVSS5.8AI score0.00186EPSS
Exploits0References4
Fedora
Fedora
added 2026/06/15 12:51 a.m.13 views

[SECURITY] Fedora 44 Update: dnsdist-2.0.6-1.fc44

dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is to route traffic to the best server, delivering top performance to legitimate users while shunting or blocking abusive traffic...

9.1CVSS5.4AI score0.01073EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.13 views

CVE-2026-45558

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints POST /api/service/haproxy//section/ and the PUT / global / defaults variants accept a JSON option field that is not validated, not escaped, and ...

9.9CVSS6.5AI score0.00439EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/10 8:29 p.m.9 views

undertow: Undertow: Request smuggling via `\r\r\r` as a header block terminator

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

9.1CVSS5.4AI score0.00706EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/10 8:25 p.m.9 views

undertow: Undertow: Request smuggling via `\r\r\r` as a header block terminator

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

9.1CVSS5.4AI score0.00706EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/10 2:2 p.m.40 views

CVE-2026-45560 Roxy-WI: Stored XSS in log viewer (wrap_line/highlight_word produce unescaped HTML)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrapline app/modules/common/common.py:181-186 and highlightword app/modules/common/common.py:188-192 build raw HTML by string concatenation with no escaping. The frontend...

6.1CVSS0.00149EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:1 p.m.18 views

EUVD-2026-36039

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints POST /api/service/haproxy//section/ and the PUT / global / defaults variants accept a JSON option field that is not validated, not escaped, and ...

9.9CVSS6.5AI score0.00439EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 2:1 p.m.47 views

CVE-2026-45558 Roxy-WI: Authenticated RCE on every managed HAProxy load balancer via `option` field config injection in section save

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints POST /api/service/haproxy//section/ and the PUT / global / defaults variants accept a JSON option field that is not validated, not escaped, and ...

9.9CVSS0.00439EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 2:1 p.m.41 views

CVE-2026-45558

Roxy-WI versions 8.2.6.4 and earlier expose a vulnerability in the HAProxy config generation pathway. The HAProxy section-save endpoints (POST /api/service/haproxy//section/ and related PUT /global/defaults) accept a JSON option field that is not validated or escaped and is rendered verbatim into...

9.9CVSS6.5AI score0.00439EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 2:0 p.m.11 views

CVE-2026-45556 Roxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a configfilename form field that is passed straight through to configmod.masterslaveuploadandrestart... as the destination path. The validation chai...

9.9CVSS5.5AI score0.00372EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:0 p.m.18 views

EUVD-2026-36038

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a configfilename form field that is passed straight through to configmod.masterslaveuploadandrestart... as the destination path. The validation chai...

9.9CVSS5.5AI score0.00372EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 2:0 p.m.31 views

CVE-2026-45556

Roxy-WI (versions <= 8.2.6.4) is affected by CVE-2026-45556. The vulnerability arises in POST /waf///rule//save: the config_file_name field is passed to config_mod.master_slave_upload_and_restart(...) as the destination path. The validation only checks that the path contains a service substrin...

9.9CVSS5.5AI score0.00372EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 2:0 p.m.43 views

CVE-2026-45556 Roxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a configfilename form field that is passed straight through to configmod.masterslaveuploadandrestart... as the destination path. The validation chai...

9.9CVSS0.00372EPSS
Exploits0References1
Ivanti
Ivanti
added 2026/06/09 5:17 p.m.30 views

CVE‑2026‑49975 – HTTP/2 Denial of Service Vulnerability

Status: EPMM unaffected Summary: CVE‑2026‑49975 is a denial‑of‑service DoS vulnerability affecting HTTP/2 implementations in several web servers. The issue allows an unauthenticated attacker to exhaust server memory using specially crafted HTTP/2 requests. EPMM / Sentry rely on Apache Tomcat for...

7.5CVSS5.5AI score0.11471EPSS
Exploits8
RedHat Linux
RedHat Linux
added 2026/05/26 12:59 p.m.11 views

Apache Tomcat: Apache Tomcat: Open Redirect vulnerability via LoadBalancerDrainingValve

A flaw was found in Apache Tomcat. This open redirect vulnerability allows an attacker to redirect a user to an untrusted site. This occurs through the LoadBalancerDrainingValve, which can be exploited to manipulate URL redirection. The primary impact is that users may be unknowingly directed to...

6.1CVSS6.3AI score0.00526EPSS
Exploits0References5
OSV
OSV
added 2026/05/22 6:27 a.m.8 views

MAL-2026-4653 Malicious code in qaq-core-util-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41cf368bbc06ee2a9e0d2a9b2030d7604a41af7ed5fed253d48a0d9ff41f92f6 lib/memcached.js exports getCacheRedis, getCacheDataRedis, and setCacheRedis. Each function's signature accepts a cachedUrl parameter, but the...

5.8AI score
Exploits0References1
Rows per page
Query Builder