CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2025/06/12 12:0 a.m.•3 views

Amazon Linux 2023 : cni-plugins (ALAS2023-2025-1012)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1012 advisory. The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...

9.8CVSS6.8AI score0.00294EPSS

Exploits0References6

Amazon•added 2025/06/12 12:0 a.m.•1 views

Important: cni-plugins

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS7.2AI score0.00294EPSS

Amazon•added 2025/06/11 12:0 a.m.•1 views

Important: containerd

9.1CVSS6.9AI score0.00294EPSS

Amazon•added 2025/06/10 12:0 a.m.•2 views

Important: cni-plugins

9.1CVSS9.6AI score0.00294EPSS

OSV•added 2025/06/06 2:4 p.m.•1 views

OESA-2025-1611 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size...

7.5CVSS6.9AI score0.01011EPSS

Exploits1References2

Amazon•added 2025/06/02 12:0 a.m.•7 views

Important: runfinch-finch

9.1CVSS7.6AI score0.00294EPSS

Tenable Nessus•added 2025/06/02 12:0 a.m.•9 views

Amazon Linux 2023 : oci-add-hooks (ALAS2023-2025-978)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-978 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly...

9.1CVSS6.9AI score0.00294EPSS

Debian•added 2025/05/29 7:18 a.m.•6 views

[SECURITY] [DLA 4187-1] varnish security update

Debian LTS Advisory DLA-4187-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany May 28, 2025 https://wiki.debian.org/LTS Package : varnish Version : 6.5.1-1+deb11u5 CVE ID : CVE-2025-47905 A client-side desync vulnerability can be triggered in Varnish, a...

5.4CVSS6.3AI score0.0029EPSS

Tenable Nessus•added 2025/05/29 12:0 a.m.•2 views

Amazon Linux 2 : nerdctl (ALAS-2025-2863)

The version of nerdctl installed on the remote host is prior to 2.0.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2863 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a...

9.1CVSS7.3AI score0.00294EPSS

Exploits0References6

Tenable Nessus•added 2025/05/29 12:0 a.m.•5 views

Debian dla-4187 : libvarnishapi-dev - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4187 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4187-1 [email protected] https://www.debian.org/lts/security/...

5.4CVSS6.1AI score0.0029EPSS

Tenable Nessus•added 2025/05/29 12:0 a.m.•5 views

Amazon Linux 2 : oci-add-hooks (ALASNITRO-ENCLAVES-2025-061)

The version of oci-add-hooks installed on the remote host is prior to 0-0.3.20200504git325a340. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-061 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid...

9.1CVSS7AI score0.00294EPSS

RedhatCVE•added 2025/05/22 5:54 p.m.•3 views

CVE-2020-7659

reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as...

7.5CVSS6.8AI score0.00095EPSS

RedhatCVE•added 2025/05/22 5:10 p.m.•3 views

CVE-2020-35884

An issue was discovered in the tinyhttp crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header...

6.5CVSS6.8AI score0.00239EPSS

RedhatCVE•added 2025/05/22 3:12 p.m.•4 views

CVE-2020-7670

agoo prior to 2.14.0 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct...

7.5CVSS6.7AI score0.00289EPSS

RedhatCVE•added 2025/05/21 10:40 p.m.•6 views

CVE-2002-2394

InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 chunked transfer encoding...

5CVSS8.2AI score0.01635EPSS

Tenable Nessus•added 2025/05/13 12:0 a.m.•1 views

FreeBSD : www/varnish7 -- Request Smuggling Attack (89c668d5-2f80-11f0-9632-641c67a117d8)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 89c668d5-2f80-11f0-9632-641c67a117d8 advisory. The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish...

5.7AI score

Exploits0References2

FreeBSD•added 2025/05/12 12:0 a.m.•9 views

www/varnish7 -- Request Smuggling Attack

The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish Cache and Varnish Enterprise. This vulnerability can be triggered under specific circumstances involving malformed HTTP/1 requests. An attacker can abuse a flaw in Varnish's handling of chunked...

7.1AI score