Lucene search
K

2781 matches found

Cvelist
Cvelist
added 2026/06/26 7:17 a.m.39 views

CVE-2026-57875 GV-LPC2011/LPC2211 - unauthorized null pointer dereference vulnerability in packet parsing

An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of required HTTP request metadata before it is used by the...

7.5CVSS0.01266EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 6:52 p.m.6 views

GHSA-2F33-PR97-265Q MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies

Summary The parameterless MessagePackInputFormatter constructor uses default serializer options, which resolve to MessagePackSerializerOptions.Standard with MessagePackSecurity.TrustedData. The formatter is designed for ASP.NET Core MVC request bodies, which commonly cross an HTTP trust boundary...

6.3CVSS5.6AI score0.00236EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/25 11:57 a.m.6 views

CVE-2026-42005

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

4.3CVSS5.9AI score0.00479EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Erlang

Inconsistent interpretation of HTTP requests: The “HTTP Request Smuggling” vulnerability in Erlang OTP inets httpd module allows for HTTP requests to be disguised. This vulnerability is associated with the program file lib/inets/src/httpserver/httpdrequest.erl and the program routine...

9.4CVSS7.1AI score0.00528EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 6:8 a.m.4 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and ifix Vulnerability Details CVEID:CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used,...

9.1CVSS5.9AI score0.01127EPSS
Exploits3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52114

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 2.1 Description An authenticated user can craft outbound requests that reach loopback-bound services inside the container. This occurs because the outbound HTTP host filter applied by WebClientUtils used by the REST...

9.1CVSS5.8AI score0.0022EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 5:16 p.m.7 views

CVE-2026-44789

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques...

9.9CVSS0.00632EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:42 p.m.5 views

Security Bulletin: IBM i is Affected By Denial of Service, HTTP Request Smuggling, and Remote Code Execution Vulnerabilities in IBM WebSphere Application Server Liberty [CVE-2026-10852, CVE-2026-8858, CVE-2026-9072, CVE-2026-8633, CVE-2026-8620]

Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable to denial of service, remote code execution, and HTTP request smuggling when an attacker passes crafted requests to the web server or impersonates the application server and returns crafted responses CVE-2026-10852,...

9.8CVSS6.5AI score0.00847EPSS
Exploits0Affected Software5
Cvelist
Cvelist
added 2026/06/18 11:54 p.m.45 views

CVE-2026-40624 AVer PTC cameras Files or Directories Accessible to External Parties

Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request...

9.8CVSS0.00616EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.20 views

PT-2026-50820

Name of the Vulnerable Software and Affected Versions AVer PTC500S affected versions not specified AVer PTC115 affected versions not specified AVer PTC500+ affected versions not specified AVer PTC115+ affected versions not specified Description Improper input validation in these networked...

9.8CVSS6.5AI score0.00616EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/17 4:28 p.m.13 views

EUVD-2026-37759

A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer action is needed. This vulnerability existed due to...

4.3CVSS5.5AI score0.00202EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 4:16 p.m.121 views

CVE-2026-20181

Cisco ISE/ISE-PIC in Cisco IOS XE is affected by CVE-2026-20181. The CVE entry describes authenticated remote command execution via crafted HTTP input with privilege escalation to root and potential DoS in single-node deployments. Connected PT-security material (PT-2026-34270) references a separa...

9.1CVSS5.9AI score0.00748EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/17 10:53 a.m.11 views

CVE-2026-46792

Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware component: Generic Unix Connector. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

9.9CVSS0.00402EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:22 a.m.9 views

Malicious code in tobihook (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c093ec7049ebbe26ca860033bc1fd81ad98f4f586b66fc68170e1ff81ae90bb The package masquerades as an HTTP helper functions named post/get/fetch, module comment ' request/init.py', and an unused requests dependency but ea...

6.3AI score
Exploits0References3
EUVD
EUVD
added 2026/06/16 2:20 a.m.13 views

EUVD-2026-37030

A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90ABTQ.1C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request...

8.8CVSS6AI score0.00315EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 2:20 a.m.27 views

CVE-2026-7273

CVE-2026-7273 affects Zyxel GS1900-48HPv2 devices with firmware up to 2.90(ABTQ.1)C0. The flaw is a stack-based buffer overflow in the CGI program, enabling a LAN-based, unauthenticated attacker to potentially execute OS commands via a crafted HTTP request. Impact is described in the CVE metrics ...

8.8CVSS6AI score0.00315EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 2:20 a.m.38 views

CVE-2026-7273

A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90ABTQ.1C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request...

8.8CVSS0.00315EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49603

Name of the Vulnerable Software and Affected Versions Zyxel GS1900-48HPv2 versions prior to 2.90ABTQ.1C0 Description A stack-based buffer overflow exists in the CGI program. This flaw allows an unauthenticated attacker on the local area network LAN to potentially execute operating system commands...

8.8CVSS5.8AI score0.00315EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-49930

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

9.8CVSS5.3AI score0.00483EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.28 views

PT-2026-50078

Name of the Vulnerable Software and Affected Versions LangGraph Python SDK versions prior to 0.3.15 Description Unsafe URL path construction occurs due to unsanitized caller-supplied identifier values used in HTTP request paths for resource operations. Identifiers containing characters with speci...

9.1CVSS5.9AI score0.00216EPSS
Exploits0References12
Rows per page
Query Builder