Lucene search
K

55 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.5 views

Fedora 42 : cpp-httplib (2026-3b0e5b457d)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3b0e5b457d advisory. Update to 0.30.1 - Denial of service DOS using zip bomb CVE-2026-22776 - CRLF injection in http headers CVE-2026-21428 - Untrusted HTTP Header...

10CVSS5.7AI score0.00603EPSS
Exploits6References7
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.4 views

Fedora 43 : cpp-httplib (2026-e50e41fcea)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e50e41fcea advisory. Update to 0.30.1 - Denial of service DOS using zip bomb CVE-2026-22776 - CRLF injection in http headers CVE-2026-21428 - Untrusted HTTP Header...

10CVSS5.7AI score0.00372EPSS
Exploits4References5
OSV
OSV
added 2026/01/13 9:52 p.m.2 views

GHSA-3VHC-576X-3QV4 Hono JWK Auth Middleware has JWT algorithm confusion when JWK lacks "alg" (untrusted header.alg fallback)

Summary A flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did not explicitly define an algorithm. This could enable JWT algorithm confusion and, in certain configurations, allow forged...

8.2CVSS5.7AI score0.00118EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/01/13 9:52 p.m.9 views

Hono JWK Auth Middleware has JWT algorithm confusion when JWK lacks "alg" (untrusted header.alg fallback)

Summary A flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did not explicitly define an algorithm. This could enable JWT algorithm confusion and, in certain configurations, allow forged...

8.2CVSS7AI score0.00118EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/13 7:49 p.m.3 views

CVE-2026-22818 JWT algorithm confusion in Hono JWK Auth Middleware when JWK lacks "alg" (untrusted header.alg fallback)

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did not explicitly defi...

8.2CVSS6.1AI score0.00118EPSS
Exploits0References2
CVE
CVE
added 2026/01/13 7:49 p.m.50 views

CVE-2026-22818

CVE-2026-22818 concerns Hono’s JWK/JWKS JWT verification middleware. Prior to 4.11.4, if a JWK did not explicitly specify an algorithm, the middleware could derive the signature verification algorithm from the untrusted JWT header’s alg value, enabling algorithm confusion and potentially forged t...

8.2CVSS6.2AI score0.00118EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/12/15 7:37 p.m.5 views

GO-2025-4207 1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers in github.com/1Panel-dev/1Panel

1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers in github.com/1Panel-dev/1Panel...

6.5CVSS6.9AI score0.00196EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/17 2:52 p.m.4 views

CVE-2025-61536

FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset magic links using the untrusted req.headers.host header and forces the http:// scheme. An attacker who can control the Host header or exploit a misconfigured proxy/load-balancer that forwards the header unchanged can cause reset lin...

8.2CVSS6.9AI score0.00394EPSS
Exploits0References1
NVD
NVD
added 2025/10/16 3:15 p.m.5 views

CVE-2025-61536

FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset magic links using the untrusted req.headers.host header and forces the http:// scheme. An attacker who can control the Host header or exploit a misconfigured proxy/load-balancer that forwards the header unchanged can cause reset lin...

8.2CVSS0.00394EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/07/21 12:8 a.m.13 views

CVE-2025-52924

In One Identity OneLogin before 2025.2.0, the SQL connection "application name" is set based on the value of an untrusted X-RequestId HTTP request header...

4CVSS7.2AI score0.00245EPSS
Exploits0References1
NVD
NVD
added 2025/07/19 3:15 a.m.7 views

CVE-2025-52924

In One Identity OneLogin before 2025.2.0, the SQL connection "application name" is set based on the value of an untrusted X-RequestId HTTP request header...

4CVSS0.00245EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/19 12:0 a.m.11 views

CVE-2025-52924

In One Identity OneLogin before 2025.2.0, the SQL connection "application name" is set based on the value of an untrusted X-RequestId HTTP request header...

4CVSS0.00245EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 6:33 a.m.8 views

CVE-2018-13887

Untrusted header fields in GNSS XTRA3 function can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8909W, QCS605, Qualcomm 215,...

10CVSS7.6AI score0.01118EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.4 views

WordPress plugin This User Activity Tracking and Log 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

5.3CVSS7.8AI score0.0031EPSS
Exploits2References1
SUSE CVE
SUSE CVE
added 2024/12/12 6:58 a.m.3 views

SUSE CVE-2024-52003

Traefik pronounced traffic is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to upgrade. There are...

6.1CVSS6.9AI score0.00389EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/29 12:0 a.m.4 views

WordPress plugin Site Reviews 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

9.1CVSS6.2AI score0.00565EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/11/27 12:0 a.m.3 views

WordPress plugin Security & Malware scan by CleanTalk Security Vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

7.5CVSS6.5AI score0.00653EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/10/16 12:0 a.m.12 views

WordPress plugin user-activity-log-pro security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability in the WordPress...

7.5CVSS6.6AI score0.0055EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/09/25 12:0 a.m.4 views

WordPress plugin Activity Log security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.3CVSS6.5AI score0.00627EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/09/04 12:0 a.m.5 views

WordPress plugin User Activity Log security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

7.5CVSS6.5AI score0.00853EPSS
Exploits2References2
Rows per page
Query Builder