Lucene search
K

1337 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/08 2:41 p.m.2 views

CVE-2026-39407

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for...

5.3CVSS5.9AI score0.00459EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/06 9:31 a.m.3 views

EUVD-2026-19205

A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue affects some unknown processing. Performing a manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. The project was informed of the problem...

6.9CVSS5.6AI score0.00489EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/06 8:30 a.m.2 views

CVE-2026-5638 HerikLyma CPPWebFramework path traversal

A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue affects some unknown processing. Performing a manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. The project was informed of the problem...

6.9CVSS5.8AI score0.00489EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.6 views

Wisp 安全漏洞

Wisp is a practical Gleam web framework developed under open source, designed for rapid development and easy maintenance. Versions of Wisp from 0.2.0 to 2.2.2 contained security vulnerabilities. These vulnerabilities stemmed from a flaw in multi-part form parsing that bypassed resource limits,...

8.7CVSS5.8AI score0.00622EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/04/02 12:0 a.m.34 views

WhatWeb Scanner 0.6.4

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems CMS, blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different...

6AI score
Exploits0
Debian CVE
Debian CVE
added 2026/04/01 8:9 p.m.7 views

CVE-2026-34514

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the contenttype parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

6.9CVSS5.3AI score0.00315EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.4 views

PT-2026-29601

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description Insufficient restrictions in header/trailer handling could lead to uncapped memory usage. An application could experience memory exhaustion when processing attacker-controlled requests or responses....

7.5CVSS5.9AI score0.0044EPSS
Exploits0References302
EUVD
EUVD
added 2026/03/31 10:52 p.m.7 views

EUVD-2026-17269

baserCMS is Vulnerable to Cross-site Scripting...

7.1CVSS7.1AI score0.00258EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.2 views

Amazon Linux 2023 : python3-flask (ALAS2023-2026-1476)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1476 advisory. Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use o...

4.3CVSS5.8AI score0.00374EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/26 7:7 p.m.3 views

CVE-2026-33152

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as one of the default authentication backends. The AllAuth rate limiting configuration...

9.1CVSS5.8AI score0.00513EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/20 12:16 a.m.7 views

UBUNTU-CVE-2026-22735

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events SSE. This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...

2.6CVSS5.8AI score0.00112EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/03/12 3:34 p.m.9 views

asp.net: ASP.NET Core: Denial of Service via uncontrolled resource allocation

A flaw was found in ASP.NET Core. This vulnerability allows an unauthorized attacker to perform a Denial of Service DoS attack over a network by allocating resources without limits or throttling. This can lead to the unavailability of the service for legitimate users...

7.5CVSS5.7AI score0.02818EPSS
Exploits0References5
OSV
OSV
added 2026/03/12 12:0 a.m.4 views

ALSA-2026:4451 Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.125 and .NET Runtime...

7.5CVSS5.8AI score0.02818EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/10 6:31 p.m.5 views

EUVD-2026-10694

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network...

7.5CVSS5.8AI score0.02818EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/10 5:5 p.m.5 views

CVE-2026-26130

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network...

7.5CVSS5.8AI score0.02818EPSS
Exploits0References2Affected Software3
Microsoft CVE
Microsoft CVE
added 2026/03/10 2:0 p.m.5 views

ASP.NET Core Denial of Service Vulnerability

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network...

7.5CVSS5.8AI score0.02818EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/09 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-005918)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005918 advisory. Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form- data parser encounters certain errors, it logs a warning but...

7.5CVSS6.9AI score0.00667EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/04 12:26 a.m.3 views

SUSE CVE-2026-25891

Fiber is an Express inspired web framework written in Go. A Path Traversal CWE-22 vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been...

8.7CVSS5.9AI score0.00618EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/02/21 5:21 a.m.5 views

CVE-2026-27205

Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...

4.3CVSS4.6AI score0.00374EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.12 views

PT-2026-21353

Name of the Vulnerable Software and Affected Versions Flask versions 3.1.2 and below Description Flask, a web server gateway interface WSGI web application framework, may improperly handle caching when accessing the session object. Specifically, it may fail to set the 'Vary: Cookie' header,...

4.3CVSS5.8AI score0.00374EPSS
Exploits0References191
Rows per page
Query Builder