
310 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability in Squid

An issue was discovered in Squid 4.x before 4.15, and in 5.x before 5.0.6. If a remote server sends a certain response header via HTTP or HTTPS, it can lead to a denial of service. This header can potentially appear in legitimate network traffic...

CVSS 6.5, AI score 6.9, EPSS 0.71867
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability in Apache2

Before Apache HTTP Server 2.4.55, a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers serve any security purposes, they will not be interpreted by the client...

CVSS 5.3, AI score 6.6, EPSS 0.57941
Exploits: 0, References: 2
Positive Technologies
added 2026/04/04 12:0 a.m., 3 views

PT-2026-30325

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 11.17.0. Description: Directus SSO login pages were missing the Cross-Origin-Opener-Policy (COOP) HTTP response header. This allowed a malicious cross-origin window to access and manipulate the window object of the...

CVSS 8.7, AI score 5.9, EPSS 0.00169
Exploits: 0, References: 4
CVE
added 2026/04/03 11:43 p.m., 12 views

CVE-2026-34767

CVE-2026-34767 affects Electron before 38.8.6, 39.8.3, 40.8.3, and 41.0.3. It describes HTTP response header injection when apps register custom protocol handlers (protocol.handle / protocol.registerSchemesAsPrivileged) or modify headers via webRequest.onHeadersReceived if attacker-controlled inp...

CVSS 6.5, AI score 5.8, EPSS 0.00211
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2026/04/03 2:37 a.m., 5 views

EUVD-2026-18933

Electron: HTTP Response Header Injection in custom protocol handlers and webRequest...

CVSS 5.9, AI score 5.9, EPSS 0.00211
Exploits: 0, References: 1
Github Security Blog
added 2026/04/03 2:37 a.m., 3 views

Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

Impact: Apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via webRequest.onHeadersReceived may be vulnerable to HTTP response header injection if attacker-controlled input is reflected into a response header name or...

CVSS 6.5, AI score 5.9, EPSS 0.00211
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2026/04/02 5:57 p.m., 19 views

CVE-2026-34715 ewe Has Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting)

ewe is a Gleam web server. Prior to version 3.0.6, the encodeheaders function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF (\r\n) sequences. An application that passes user-controlled data into...

CVSS 5.3, EPSS 0.00327
Exploits: 1, References: 3
IBM Security Bulletins
added 2026/03/31 4:18 p.m., 11 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.1.1

Summary: In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.1.1. Vulnerability Details: CVEID: CVE-2026-22732 DESCRIPTION: When applications specify HTTP response headers for servlet applications using Spring...

CVSS 9.8, AI score 6.8, EPSS 0.1865
Exploits: 6, Affected Software: 1
NVD
added 2026/02/09 4:15 a.m., 7 views

CVE-2025-66607

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The response header contains an insecure setting. Users could be redirected to malicious sites by an attacker. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...

CVSS 6.3, EPSS 0.00169
Exploits: 0, References: 1
Vulnrichment
added 2026/02/09 3:9 a.m., 5 views

CVE-2025-66607

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The response header contains an insecure setting. Users could be redirected to malicious sites by an attacker. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...

CVSS 6.3, AI score 5.3, EPSS 0.00169
Exploits: 0, References: 1
ATTACKERKB
added 2026/02/09 3:9 a.m., 3 views

CVE-2025-66607

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The response header contains an insecure setting. Users could be redirected to malicious sites by an attacker. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...

CVSS 6.3, AI score 5.3, EPSS 0.00169
Exploits: 0, References: 2
Cvelist
added 2025/12/30 12:9 p.m., 20 views

CVE-2023-54203 ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr When smb1 mount fails, KASAN detect slab-out-of-bounds in init_smb2_rsp_hdr like the following one. For smb1 negotiate56bytes , init_smb2_rsp_hdr for smb2 is called. The issue occurs whil...

EPSS 0.00168
Exploits: 0, References: 4
Debian CVE
added 2025/12/30 12:9 p.m., 3 views

CVE-2023-54203

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr When smb1 mount fails, KASAN detect slab-out-of-bounds in init_smb2_rsp_hdr like the following one. For smb1 negotiate56bytes , init_smb2_rsp_hdr for smb2 is called. The issue occurs whil...

AI score 5.3, EPSS 0.00168
Exploits: 0
Tenable Nessus
added 2025/12/12 12:0 a.m., 3 views

FreeBSD : www/varnish-libvmod-digest -- base64 decoding vulnerability (64bec4c7-d785-11f0-a1c0-0050569f0b83)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 64bec4c7-d785-11f0-a1c0-0050569f0b83 advisory. varnish developers report: Common usage of vmod-digest is for basic HTTP authentication, in which case ...

CVSS 6.5, AI score 6.6, EPSS 0.0049
Exploits: 0, References: 3
Github Security Blog
added 2025/12/10 9:31 p.m., 6 views

Race condition in the Okta Java SDK

Description: In the Okta Java SDK, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. Affected product and versions: You may be affected if you meet the...

CVSS 8.4, AI score 7, EPSS 0.00181
Exploits: 0, References: 3, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-17010

Malware in sbrugna...

CVSS 6.5, AI score 6.5, EPSS 0.00694
Exploits: 1, References: 5
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-19225

Malware in sbrugna...

CVSS 5.3, AI score 5.5, EPSS 0.01273
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2005-2861

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.01298
Exploits: 1, References: 5
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-14287

Malware in sbrugna...

CVSS 5.4, AI score 5.6, EPSS 0.00745
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-8729

Malware in sbrugna...

CVSS 3.5, AI score 4.8, EPSS 0.00517
Exploits: 0, References: 2