Lucene search
+L

669 matches found

euvd
euvd
added 2025/10/21 8:3 p.m.12 views

EUVD-2025-35262

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite component: Marketing Administration. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing...

9.8CVSS6.6AI score0.00652EPSS
Exploits3References1
cvelist
cvelist
added 2025/10/16 7:0 p.m.8 views

CVE-2025-11493 Self-Update Verification Mechanism Process in ConnectWise Automate

The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...

8.8CVSS0.00217EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/10/16 4:56 p.m.4 views

CVE-2025-20359

Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the disclosure of possible sensitive data or cause the Snort 3 Detection Engine to crash. This vulnerability is due to an error in the logic of buffer...

6.5CVSS6.7AI score0.00392EPSS
Exploits0References1
cvelist
cvelist
added 2025/10/15 1:55 p.m.15 views

CVE-2025-54479 BIG-IP PEM vulnerability

When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00327EPSS
Exploits0References1
redhat
redhat
added 2025/10/14 5:59 p.m.5 views

netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

A flaw in Netty’s HTTP/1.1 chunked encoding parser allows newline LF characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same...

7.5CVSS7.1AI score0.00631EPSS
Exploits1References11
euvd
euvd
added 2025/10/12 3:30 a.m.9 views

EUVD-2025-33878

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: Runtime UI. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful...

7.5CVSS5.8AI score0.97788EPSS
Exploits6References2
osv
osv
added 2025/10/08 5:41 p.m.4 views

JLSEC-2025-1 CR/LF injection in URIs.jl (also affects HTTP.jl)

Description The URIs.jl and HTTP.jl packages allowed the construction of URIs containing CR/LF characters. If user input was not otherwise escaped or protected, this can lead to a CRLF injection attack. With this simple Julia code, you can inject a custom header named Foo with the value bar: juli...

8.7CVSS7.1AI score0.00366EPSS
Exploits0
nessus
nessus
added 2025/10/07 12:0 a.m.8 views

Unity Linux 20.1070e Security Update: skopeo (UTSA-2025-985019)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-985019 advisory. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of...

7.5CVSS7AI score0.03796EPSS
Exploits0References4
gitee
gitee
added 2025/09/22 1:2 a.m.173 views

security-guide-for-developers

This is a security guide for web developers, covering various security topics such as authentication, authorization, data validation, and encryption. The guide is divided into several sections, including a security checklist, authentication and authorization, data validation and sanitation, and...

6.7AI score
Exploits0
cnnvd
cnnvd
added 2025/09/22 12:0 a.m.18 views

Mesh Connect JS SDK 跨站脚本漏洞

Mesh Connect JS SDK is a Java library from Mesh open source. A cross-site scripting vulnerability exists in Mesh Connect JS SDK versions prior to 3.3.2, which stems from the createLink.openLink function not being cleaned up for the URL protocol, which could lead to the execution of arbitrary...

8.2CVSS6AI score0.00438EPSS
Exploits0References5
cnnvd
cnnvd
added 2025/09/22 12:0 a.m.3 views

WordPress plugin PressPage Entertainment Inc Mavis HTTPS to HTTP Redirection 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...

7.1CVSS5.8AI score0.00118EPSS
Exploits0References1
github
github
added 2025/09/17 8:46 p.m.14 views

Pingora update for MadeYouReset HTTP/2 vulnerability

Pingora deployments that include HTTP/2 server support may be affected by the vulnerability described in CVE-2025-8671. Under certain conditions, Pingora applications may allocate buffers before the HTTP/2 reset and resulting stream cancellation is processed by the server. Repeated resets can for...

7.5CVSS6.8AI score0.0351EPSS
Exploits3References3Affected Software1
snyk
snyk
added 2025/09/17 8:43 p.m.0 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the gRPC API and HTTP APIs, which allow peers to send requests that cause the recipient to create files in arbitrary file system locations and read arbitrary files. An attacker can access sensitive data or execu...

10CVSS7.4AI score0.0068EPSS
Exploits0References2
github
github
added 2025/09/17 8:23 p.m.9 views

DragonFly's tiny file download uses hard coded HTTP protocol

Impact The code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing the network request so that a different piece of data gets downloaded. Due to the use of weak...

6.9CVSS7AI score0.0013EPSS
Exploits0References5Affected Software2
amazon
amazon
added 2025/09/15 12:0 a.m.9 views

Medium: python-h2

Issue Overview: h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to...

6.9CVSS6.8AI score0.01596EPSS
Exploits0
nessus
nessus
added 2025/09/14 12:0 a.m.5 views

Debian dla-4299 : jetty9 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4299 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4299-1 [email protected] https://www.debian.org/lts/security/...

7.7CVSS7AI score0.01567EPSS
Exploits0References4
osv
osv
added 2025/09/05 12:42 p.m.8 views

OESA-2025-2167 lighttpd security update

Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more...

7.5CVSS6.6AI score0.0351EPSS
Exploits3References2
vulnrichment
vulnrichment
added 2025/09/02 1:37 p.m.9 views

CVE-2025-9784 Undertow: undertow madeyoureset http/2 ddos vulnerability

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

7.5CVSS5.9AI score0.0217EPSS
Exploits1References17
osv
osv
added 2025/09/01 2:4 p.m.3 views

SUSE-SU-2025:02993-1 Security update for jetty-minimal

This update for jetty-minimal fixes the following issues: Upgraded to version 9.4.58.v20250814: - CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol including DNS over HTTPS bsc1244252...

7.7CVSS6.7AI score0.01567EPSS
Exploits0References3
nessus
nessus
added 2025/08/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2019-17420

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the httpheader signature to not alert on a...

5.3CVSS6.2AI score0.01355EPSS
Exploits0References2
Rows per page
Query Builder