
9 matches found

CVE
added 2 days ago, 14 views

CVE-2026-13762

CVE-2026-13762 involves a vulnerability in Amazon CloudFront when AWS WAF is enabled. The issue arises from an inconsistent interpretation of HTTP/2 requests, which can allow remote actors to bypass AWS WAF managed body‑inspection by fragmenting the request body across frames so that only a part...

CVSS 9.8, AI score 5.8, EPSS 0.00461
Exploits 0, References 1
Qualys Blog
added 2026/06/10 3:00 p.m., 9 views

Turning Millions of Risks Into One Actionable List

Every security leader walks into Monday morning with the same question. The findings are there. The dashboards are running. But out of the thousands of critical vulnerabilities on that list, which ones can an attacker actually use against this organization today? Not in theory. Not in a lab. In...

AI score 5.6
Exploits 0
GithubExploit
added 2026/05/20 8:36 a.m., 88 views

HOV4X

HOV4X HOVAX - 45 Modules Security Toolkit for Penetration Test...

CVSS 9.8, AI score 7, EPSS 0.99677
Exploits 100
Imperva Blog
added 2026/03/24 11:11 a.m., 5 views

API Security for AI Agents: Why Protection Has Never Been More Important.

For years, a lot of risky APIs survived simply because they were hard to find. They weren’t documented. Only a handful of engineers knew the endpoints. And if an attacker wanted to abuse them, they had to spend real time reverse‑engineering traffic and guessing how things worked. That “security b...

AI score 5.9
Exploits 0
GithubExploit
added 2025/12/09 6:41 a.m., 162 views

Exploit for Deserialization of Untrusted Data in Facebook React

⚡ CVE-2025-55182 – Advanced Auto Exploit Toolkit Precisi...

CVSS 10, AI score 7.2, EPSS 0.99562
Exploits 372
RedHat Linux
added 2024/06/03 6:38 p.m., 4 views

nodejs: HTTP Request Smuggling via Content Length Obfuscation

An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request...

CVSS 6.5, AI score 7.2, EPSS 0.01155
Exploits 0, References 5
RedHat Linux
added 2024/04/23 5:18 p.m., 3 views

python-aiohttp: HTTP request smuggling via llhttp HTTP request parser

A flaw was found in aio-libs aiohttp, where it is vulnerable to HTTP request smuggling, caused by a flaw in the aiohttp.web.Application. By sending a specially crafted HTTPS request, an attacker can poison the web cache, bypass web application firewall protection, and conduct Cross-site scripting...

CVSS 7.5, AI score 7, EPSS 0.01422
Exploits 1, References 5
SUSE CVE
added 2023/07/14 2:04 a.m., 3 views

SUSE CVE-2023-38199

coreruleset aka OWASP ModSecurity Core Rule Set through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the...

CVSS 9.8, AI score 6.9, EPSS 0.00631
Exploits 0, References 3
CNNVD
added 2022/11/02 12:00 a.m., 3 views

Fortinet FortiADC Security Vulnerability

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. A security vulnerability exists in Fortinet FortiADC versions 5.0, 6.0.0, 6.1.0, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. An attacker could exploit the vulnerability to perform SQL injection and cross-site scripting...

CVSS 9.8, AI score 8.3, EPSS 0.00679
Exploits 0, References 2