Lucene search
+L

2786 matches found

Cvelist
Cvelist
added 3 days ago37 views

CVE-2026-20146 Cisco Identity Services Engine Path Traversal Vulnerability

A vulnerability in Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system to either read or delete arbitrary files. To exploit this vulnerability, the...

5.5CVSS0.0034EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-47767 Symfony: SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 5.4.46 until 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the CVE-2024-50340 fix gated runtime argv parsing on empty$GET, but parsestr and the web SAPI can disagree, allowing a crafted query string to...

8.3CVSS0.00386EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43641

Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling...

6.3CVSS6.1AI score0.00188EPSS
Exploits0References1
NVD
NVD
added 2026/07/09 5:17 p.m.11 views

CVE-2026-59209

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an HTTP Request node's pagination expression and...

7.1CVSS0.00294EPSS
Exploits0References3
CVE
CVE
added 2026/07/09 3:32 p.m.14 views

CVE-2026-59209

n8n is an open source workflow automation platform. Affected versions prior to 1.123.61, 2.27.4, and 2.28.1 expose a vulnerability where an authenticated user with editor access to a shared workflow can read credential-populated headers via the $request object inside an HTTP Request node’s pagina...

7.1CVSS5.9AI score0.00294EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/09 3:32 p.m.7 views

CVE-2026-59209

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an HTTP Request node's pagination expression and...

7.1CVSS5.9AI score0.00294EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/07/09 3:32 p.m.7 views

EUVD-2026-42613

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an HTTP Request node's pagination expression and...

7.1CVSS5.9AI score0.00294EPSS
Exploits0References3
OSV
OSV
added 2026/07/09 3:32 p.m.2 views

CVE-2026-59209 n8n: Shared Credential Header Leak via HTTP Request Pagination Expression

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an HTTP Request node's pagination expression and...

7.1CVSS6.1AI score0.00294EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/08 8:23 p.m.5 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the ExtractHttpBodyOptionally helper in filters/openpolicyagent/openpolicyagent.go. An attacker can bypass opaAuthorizeRequestWithBody policy checks by sending a chunked HTTP/1.1 request or an HTTP/2 request...

10CVSS6.1AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/06 1:46 p.m.4 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2019-16869 DESCRIPTION: Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers such as a "Transfer-Encoding :...

9.1CVSS6.9AI score0.18891EPSS
Exploits5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:27 p.m.5 views

CVE-2026-20191

A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request...

7.5CVSS6AI score0.00756EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/01 3:33 a.m.35 views

CVE-2026-7828 UltraVNC repeater integer overflow in win_log malloc leading to heap overflow

UltraVNC repeater through 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, the winlog function allocates list nodes via mallocsizeofstruct LIST + strlenline, where line is derived from HTTP request URIs. If strlenline is sufficiently large,...

5.3CVSS0.01057EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 3:33 a.m.14 views

CVE-2026-7828

UltraVNC repeater up to version 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, win_log() allocates memory with malloc(sizeof(struct LIST) + strlen(line)); if strlen(line) is large, the size overflows to a value smaller than sizeof(struct ...

5.3CVSS6.2AI score0.01057EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/30 8:23 p.m.6 views

EUVD-2025-210383

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling...

4.3CVSS5.8AI score0.00431EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 12:1 p.m.4 views

CVE-2026-53433 Denial of Service in fzf

fzf is vulnerable to a Denial of Service DoS due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity On². A crafted POST request with many small segments can trigger excessive...

5.7CVSS5.9AI score0.00243EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.12 views

PT-2026-53974

Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 Description An authenticated user can cause a temporary denial of service by sending a specially crafted HTTP request. This issue occurs due to improper allocation of resource...

4.3CVSS6AI score0.00431EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.14 views

PT-2026-54438

Name of the Vulnerable Software and Affected Versions Storage Concentrator SC & SCVM affected versions not specified Description An unauthenticated remote attacker can execute arbitrary commands with root-level privileges on the underlying system. This occurs because the debug.pl script processes...

10CVSS6.1AI score0.03074EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/29 4:50 a.m.15 views

CVE-2026-54282

A flaw was found in Starlette, a lightweight Asynchronous Server Gateway Interface ASGI framework. Prior to version 1.3.0, the HTTP request path was not properly validated when reconstructing the request.url. A remote attacker could craft a malicious HTTP request path that does not begin with a...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/26 4:4 p.m.36 views

CVE-2026-56663 AutoGPT: SSRF-to-RCE Chain in `SendWebRequestBlock` via IP validation bypass and internal `pg-meta` access

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF / private-IP protections in SendWebRequestBlock and reach internal network services. isipblocked in...

8.5CVSS0.00224EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 4:4 p.m.16 views

CVE-2026-56663

AutoGPT (SendWebRequestBlock) prior to version 0.6.52 is vulnerable to a SSRF-to-RCE chain due to improper normalization of IPv4-mapped IPv6 addresses in _is_ip_blocked(), which fails to block IPv4-mapped addresses and special-use ranges (e.g., 100.64.0.0/10). An authenticated user can bypass pri...

8.5CVSS5.8AI score0.00224EPSS
Exploits0References1
Rows per page
Query Builder