Lucene search
K

281 matches found

Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-57875 GV-LPC2011/LPC2211 - unauthorized null pointer dereference vulnerability in packet parsing

An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of required HTTP request metadata before it is used by the...

7.5CVSS0.01266EPSS
Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2026-57875

GeoVision GV-LPC2011 and GV-LPC2211 components (GV-LPC2011/LPC2211 V1.12 and earlier) contain an unauthenticated NULL pointer dereference in the HTTP request parsing logic. The root cause is improper validation of required HTTP request metadata before use by the affected CGI components, allowing ...

7.5CVSS5.9AI score0.01266EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-39631

An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of required HTTP request metadata before it is used by the...

7.5CVSS5.9AI score0.01266EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 9:5 a.m.7 views

BIT-GITLAB-2026-7250 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an unauthenticated user to cause denial of service due to improper input validation in the API request...

7.5CVSS5.4AI score0.0037EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/11 3:20 p.m.9 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper validation of the Host header when parsing raw HTTP request messages or deriving a server request URI from server variables. An attacker can manipulate the Host header to include URI authori...

6.9CVSS5.4AI score0.00198EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 1:4 p.m.7 views

GHSA-34XG-WGJX-8XPH guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation

Impact guzzlehttp/psr7 improperly interpreted malformed Host header values when constructing request URIs from inbound request data. This issue concerns inbound request parsing and server request construction. It does not require serializing a PSR-7 request, and it is not part of the normal...

5.3CVSS5.5AI score0.00198EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/11 12:34 p.m.8 views

CVE-2026-48998 guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a server request URI from server variables. An attacker can provide a malformed Host header containing U...

5.3CVSS5.4AI score0.00198EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 12:34 p.m.55 views

CVE-2026-48998

GuzzleHttp/psr7 (PHP) before version 2.10.2 is affected by improper Host header validation when parsing raw HTTP requests or deriving a server request URI from server variables. An attacker can supply a Host header containing URI delimiters (for example [email protected]) that can be r...

5.3CVSS5.5AI score0.00198EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/11 12:16 p.m.11 views

CVE-2026-7250

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an unauthenticated user to cause denial of service due to improper input validation in the API request...

7.5CVSS0.0037EPSS
Exploits0References3
OSV
OSV
added 2026/06/11 12:16 p.m.4 views

UBUNTU-CVE-2026-7250

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an unauthenticated user to cause denial of service due to improper input validation in the API request...

7.5CVSS5.3AI score0.0037EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/11 10:20 a.m.9 views

CVE-2026-7250 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an unauthenticated user to cause denial of service due to improper input validation in the API request...

7.5CVSS5.5AI score0.0037EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.12 views

PT-2026-48653

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 12.10 through 18.10.7 GitLab CE/EE versions 18.11 through 18.11.4 GitLab CE/EE versions 19.0 through 19.0.1 Description An issue exists where improper input validation in the API request parsing middleware could allow an...

7.5CVSS5.1AI score0.0037EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.11 views

CVE-2026-8047

The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device...

8.7CVSS5.6AI score0.00445EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.8 views

CVE-2026-8466

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...

8.2CVSS5.6AI score0.00382EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/27 8:14 p.m.12 views

CVE-2026-48135

A Check Point HTTP-based service can incorrectly handle malformed HTTP requests. The issue is related to HTTP request parsing and validation...

5.3CVSS5.8AI score0.02607EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 8:16 a.m.13 views

CVE-2026-8047

The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device...

8.7CVSS0.00445EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.12 views

PT-2026-43199

The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device...

8.7CVSS5.9AI score0.00445EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/22 5:27 p.m.14 views

aiosend: Deserialization of request body before signature verification (Pre-auth DoS) in webhook handler

Vulnerability Description In aiosend/webhook/base.py, the WebhookHandler.feedupdate method performs full deserialization of the incoming JSON via Pydantic before verifying the HMAC signature. Anyone can send a request with an arbitrary body — the server will parse it, spend CPU and memory, and on...

6AI score
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-31842

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs....

8.7CVSS5.8AI score0.00899EPSS
Exploits1References3
NVD
NVD
added 2026/04/07 12:16 p.m.6 views

CVE-2026-31842

Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...

8.7CVSS0.00899EPSS
Exploits1References3
Rows per page
Query Builder