Lucene search
K

4 matches found

RustSec
RustSec
added 2026/03/04 12:0 p.m.11 views

HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing

Pingora versions prior to 0.8.0 improperly allowed HTTP/1.0 request bodies to be close-delimited and incorrectly handled multiple Transfer-Encoding values. This allows an attacker to desync Pingora's request framing from backend servers and smuggle requests to the backend. This vulnerability...

9.3CVSS5.9AI score0.00707EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/02/12 4:16 p.m.9 views

CVE-2026-26216

Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...

10CVSS6.7AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/06/03 12:15 p.m.3 views

CVE-2021-3569

A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS bad memory access and termination of swtpm. The highest threat from this vulnerability is to system availability...

5.5CVSS5.5AI score0.00259EPSS
Exploits0References2
OSV
OSV
added 2008/04/18 3:5 p.m.2 views

DEBIAN-CVE-2008-1693

The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, relate...

6.8CVSS7.9AI score0.04941EPSS
Exploits1References1
Rows per page
Query Builder