
27 matches found

Snyk
added 2026/04/24 7:30 p.m. | 1 views

Command Injection

Overview: @google/gemini-cli is a Gemini CLI. Affected versions of this package are vulnerable to Command Injection via the processing of untrusted workspace folders in headless mode and the handling of tool allowlisting under --yolo mode. An attacker can execute arbitrary code by submitting...

9.8 CVSS | 6 AI score
Exploits 0 | References 3

SUSE CVE
added 2026/04/02 8:37 a.m. | 3 views

SUSE CVE-2026-34441

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

4.8 CVSS | 5.7 AI score | 0.00062 EPSS
Exploits 1 | References 3

OSV
added 2026/03/31 10:16 p.m. | 2 views

DEBIAN-CVE-2026-34441

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

6.5 CVSS | 5.7 AI score | 0.00062 EPSS
Exploits 1 | References 1

NVD
added 2026/03/31 10:16 p.m. | 3 views

CVE-2026-34441

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

6.5 CVSS | 0.00062 EPSS
Exploits 1 | References 2

UbuntuCve
added 2026/03/31 10:16 p.m. | 2 views

CVE-2026-34441

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

6.5 CVSS | 5.7 AI score | 0.00062 EPSS
Exploits 1 | References 3

OSV
added 2026/03/31 10:16 p.m. | 2 views

UBUNTU-CVE-2026-34441

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

6.5 CVSS | 5.7 AI score | 0.00062 EPSS
Exploits 1 | References 4

Cvelist
added 2026/03/31 9:21 p.m. | 21 views

CVE-2026-34441 cpp-httplib: HTTP Request Smuggling via Unconsumed GET Request Body

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

4.8 CVSS | 0.00062 EPSS
Exploits 1 | References 2

EUVD
added 2026/03/31 9:21 p.m. | 2 views

EUVD-2026-17672

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

4.8 CVSS | 5.7 AI score | 0.00062 EPSS
Exploits 1 | References 2

Debian CVE
added 2026/03/31 9:21 p.m. | 3 views

CVE-2026-34441

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

6.5 CVSS | 5.7 AI score | 0.00062 EPSS
Exploits 1

Positive Technologies
added 2026/03/31 12:0 a.m. | 3 views

PT-2026-29373

Name of the Vulnerable Software and Affected Versions: cpp-httplib versions prior to 0.40.0. Description: cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread body...

7.4 CVSS | 5.9 AI score | 0.00066 EPSS
Exploits 2 | References 14

SUSE CVE
added 2026/02/07 12:24 a.m. | 4 views

SUSE CVE-2026-23990

The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution. Starting in version 0.36.0 and prior to version 0.40.0, a privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows...

5.3 CVSS | 5.6 AI score | 0.00086 EPSS
Exploits 0 | References 3

Vulnrichment
added 2026/01/21 10:25 p.m. | 2 views

CVE-2026-23990 Flux Operator Web UI Impersonation Bypass via Empty OIDC Claims

The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution. Starting in version 0.36.0 and prior to version 0.40.0, a privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows...

5.3 CVSS | 5.8 AI score | 0.00086 EPSS
Exploits 0 | References 4

Snyk
added 2026/01/21 10:23 p.m. | 1 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via improper validation of OIDC token claims after processing through CEL expressions. An attacker can gain unauthorized operator-level read access and perform actions such as suspend, resume, or reconcile by...

6 CVSS | 5.7 AI score | 0.00086 EPSS
Exploits 0 | References 2

Snyk
added 2025/05/06 12:42 a.m. | 1 views

Improper Authorization

Overview: Affected versions of this package are vulnerable to Improper Authorization through the security policies such as allowed-gadgets, disallow-pulling, and verify-image. An attacker can bypass these security measures by possessing the correct TLS certificates or having access to the Kubernet...

7.1 CVSS | 7 AI score
Exploits 0 | References 3

RedhatCVE
added 2025/03/22 11:35 a.m. | 5 views

CVE-2024-11602

A Cross-Origin Resource Sharing (CORS) vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security...

7.4 CVSS | 6.9 AI score | 0.00054 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2025/03/22 12:0 a.m. | 12 views

Fedora 40 : kitty (2025-2fe21e3da5)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-2fe21e3da5 advisory. Update to 0.40.0 https://sw.kovidgoyal.net/kitty/changelog/detailed-list-of-changes Tenable has extracted the preceding description block directly from the...

4.4 CVSS | 7 AI score | 0.00033 EPSS
Exploits 2 | References 2

Github Security Blog
added 2025/03/20 12:32 p.m. | 11 views

Feast Cross-Origin Resource Sharing vulnerability

A Cross-Origin Resource Sharing (CORS) vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security...

7.4 CVSS | 6.8 AI score | 0.00054 EPSS
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2025/03/20 10:10 a.m. | 4 views

CVE-2024-11602 CORS Vulnerability in feast-dev/feast

A Cross-Origin Resource Sharing (CORS) vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security...

7.4 CVSS | 7.5 AI score | 0.00054 EPSS
Exploits 0 | References 1

CVE
added 2025/03/20 10:10 a.m. | 39 views

CVE-2024-11602

CVE-2024-11602 affects feast-dev/feast v0.40.0. The CORS configuration on the agentscope server does not restrict access to trusted origins, allowing requests from any external domain. This can bypass security controls and potentially expose sensitive information. The provided documents do not sp...

7.4 CVSS | 7.5 AI score | 0.00054 EPSS
Exploits 0 | References 1

Cvelist
added 2025/03/20 10:10 a.m. | 5 views

CVE-2024-11602 CORS Vulnerability in feast-dev/feast

A Cross-Origin Resource Sharing (CORS) vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security...

7.4 CVSS | 0.00054 EPSS
Exploits 0 | References 1