Lucene search
K

103 matches found

Debian CVE
Debian CVE
added 2026/06/22 4:34 p.m.8 views

CVE-2026-54275

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the serverhostname TLS SNI check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain, but with different per-request serverhostname...

7.5CVSS5.8AI score0.00266EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/22 4:33 p.m.6 views

CVE-2026-54274

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1...

8.7CVSS5.8AI score0.00305EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/22 4:32 p.m.6 views

CVE-2026-54279

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save and then restored later with CookieJar.load lose their host-only status. This vulnerability is fixed in 3.14.1...

7.5CVSS5.8AI score0.00279EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/01/21 4:13 p.m.8 views

cn.herodotus.engine:oauth2-authentication-autoconfigure (>=3.5.5.3 <=3.5.6.2), cn.herodotus.engine:oauth2-authorization-server-autoconfigure (>=3.3.0.5 <=3.5.5.2) +2 more potentially affected by CVE-2026-23966 via org.webjars.npm:sm-crypto (=0.3.13)

org.webjars.npm:sm-crypto MAVEN version =0.3.13 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:sm-crypto and may be impacted: - cn.herodotus.engine:oauth2-authentication-autoconfigure =3.5.5.3, =3.3.0.5, =3.3.0.5, =3.5.5.3, =3.5.6.2...

9.1CVSS5.8AI score0.00209EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 10:17 a.m.7 views

CVE-2019-2777

Vulnerability in the Siebel Core - Server Framework component of Oracle Siebel CRM subcomponent: Search. Supported versions that are affected are 19.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Core - Server...

6.1CVSS6.1AI score0.00968EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:20 a.m.6 views

CVE-2021-2353

Vulnerability in the Siebel Core - Server Framework product of Oracle Siebel CRM component: Loging. Supported versions that are affected are 21.5 and Prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Siebel Core - Server Framework...

4.4CVSS5.5AI score0.00289EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/30 5:54 p.m.15 views

CVE-2025-69211

Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it uses @nestjs/platform-fastify; relies on NestMiddleware via MiddlewareConsumer for security checks...

9.1CVSS6.5AI score0.00355EPSS
Exploits1References5
CNVD
CNVD
added 2025/12/15 12:0 a.m.3 views

Adobe ColdFusion Input Validation Improperity Vulnerability (CNVD-2026-0494539)

Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. An improper input validation vulnerability exists in Adobe ColdFusion, whi...

8.4CVSS6.1AI score0.03878EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/02 12:0 a.m.8 views

Arcade MCP Server Framework 信任管理问题漏洞

Arcade MCP Server Framework is an open source MCP server framework from Arcade.dev. A trust management issue vulnerability exists in Arcade MCP Server Framework versions prior to 1.5.4, which stems from hard-coding the default working key, which could lead to bypassing the authentication layer...

6.5CVSS6.6AI score0.00281EPSS
Exploits0References4
OSV
OSV
added 2025/11/12 4:29 a.m.4 views

MAL-2025-147899 Malicious code in server-framework-andromeda-aurora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1bf77a21aa60073ee5c5f6339fcbd7faac1ac57a81404777827d4cd1dd5a0e5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/11/12 4:29 a.m.3 views

EUVD-2025-122024

Malicious code in server-framework-andromeda-aurora npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-0221

Malware in sbrugna...

5CVSS6.3AI score0.02374EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-4495

Malware in sbrugna...

3.3CVSS4.7AI score0.00374EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-6406

Malware in sbrugna...

4CVSS4.2AI score0.01261EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-4476

Malware in sbrugna...

4.3CVSS4.6AI score0.01922EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-6404

Malware in sbrugna...

4.3CVSS4.6AI score0.01979EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-35501

Malicious code in bioql PyPI...

7.5CVSS8AI score0.13833EPSS
Exploits0References1
Snyk
Snyk
added 2025/08/09 1:46 a.m.3 views

Regular Expression Denial of Service (ReDoS)

Overview @oakserver/oak is an A middleware framework for handling HTTP requests Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the x-forwarded-proto or x-forwarded-for headers. An attacker can cause significant performance degradation by sending...

6.9CVSS6.7AI score0.00388EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 9:2 p.m.6 views

CVE-2021-2039

Vulnerability in the Siebel Core - Server Framework product of Oracle Siebel CRM component: Search. Supported versions that are affected are 20.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Core - Server Framework...

7.6CVSS6.1AI score0.00937EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.18 views

Oracle Siebel Server (July 2021 CPU)

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2021 CPU advisory. - Vulnerability in the Siebel Core - Server Framework product of Oracle Siebel CRM component: Services jackson-databind. Supported versions that are...

8.1CVSS6.9AI score0.73654EPSS
Exploits2References8
Rows per page
Query Builder