Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

CVE
CVEadded yesterday3 views

CVE-2026-6733

Undici’s HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes; when the client issues the next request on that socket, the injected r...

3.7CVSS5.3AI score
Exploits0References3
EUVD
EUVDadded yesterday4 views

EUVD-2026-37769

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS5.3AI score
Exploits0References3
OSV
OSVadded 2026/05/07 12:24 a.m.6 views

GHSA-RGRR-P7GP-5XJ7 Netty Redis Codec Encoder has a CRLF Injection Issue

Security Vulnerability Report: CRLF Injection in Netty Redis Codec Encoder 1. Vulnerability Summary | Field | Value | |-------|-------| | Product | Netty | | Version | 4.2.12.Final and all prior versions with codec-redis | | Component | io.netty.handler.codec.redis.RedisEncoder | | Vulnerability...

6.8CVSS6.2AI score0.00198EPSS
Exploits1References6
Positive Technologies
Positive Technologiesadded 2026/05/07 12:0 a.m.8 views

PT-2026-38378

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.133.Final Netty versions prior to 4.2.13.Final Description The Netty Redis codec encoder RedisEncoder writes user-controlled string content directly to the network output buffer without validating or sanitizing CRLF...

7.1CVSS6AI score0.00198EPSS
Exploits1References353
RedhatCVE
RedhatCVEadded 2025/10/31 10:7 p.m.4 views

CVE-2024-14006

Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The application trusts the user-supplied HTTP Host header when constructing absolute URLs without sufficient validation. An unauthenticated, remote attacker can supply a crafted Host header to poison generated...

8.8CVSS7.2AI score0.00378EPSS
Exploits0References1
OSV
OSVadded 2025/10/30 10:15 p.m.2 views

CVE-2024-14006

Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The application trusts the user-supplied HTTP Host header when constructing absolute URLs without sufficient validation. An unauthenticated, remote attacker can supply a crafted Host header to poison generated...

6.1CVSS5.9AI score0.00378EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/07 12:30 a.m.4 views

EUVD-2010-2956

Malware in sbrugna...

4.3CVSS6.4AI score0.02612EPSS
Exploits0References11
Hacker One
Hacker Oneadded 2020/07/08 6:38 p.m.26 views

Basecamp: HTTP request smuggling on Basecamp 2 allows web cache poisoning

It is found that an authenticated Basecamp 2 user can desync front and backend servers and poison the socket with harmful response for the next visitor. During redirect probe, It also appears that front-end infrastructure performs caching of content. Using HTTP request smuggling attack, It is...

0.3AI score
Exploits0
Rows per page
Query Builder