Lucene search
K

109 matches found

CNVD
CNVD
added 2025/10/31 12:0 a.m.4 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Information Disclosure Vulnerabilities (CNVD-2025-29150)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 have an information disclosure vulnerability that is caused by an error message...

6.9CVSS6AI score0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/28 6:52 p.m.7 views

CVE-2025-12365

Error Messages Wrapped In HTTP Header.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

6.9CVSS7AI score0.00229EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/21 12:0 a.m.5 views

Unspecified Vulnerability in HCL BigFix WebUI

HCL BigFix WebUI is a web based administration page of HCL India. A security vulnerability exists in HCL BigFix WebUI, which stems from an improper response to the HOST information in the HTTP header field, and can be exploited by an attacker to cause a host header poisoning attack...

6.1CVSS6.7AI score0.00181EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-27776

Malicious code in bioql PyPI...

8.6CVSS6.4AI score0.00367EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/09/11 4:7 p.m.36 views

cups: Authentication Bypass in CUPS Authorization Handling

A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize...

8CVSS7.1AI score0.00964EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/09/11 1:47 p.m.7 views

CVE-2025-58060

A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize...

8CVSS6.1AI score0.00964EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/08/29 12:0 a.m.4 views

PT-2025-35161

Name of the Vulnerable Software and Affected Versions: CGI::Simple versions prior to 1.282 Description: CGI::Simple contains a HTTP response splitting flaw that allows HTTP response header injection. This can be exploited to perform reflected cross-site scripting XSS, open redirect, cache...

7.3CVSS5.9AI score0.02561EPSS
Exploits0References18
CVE
CVE
added 2025/08/21 2:41 p.m.66 views

CVE-2025-48956

Technical details for CVE-2025-48956 are not publicly available in the provided documents. Monitor for updates from project advisories; no verified affected versions, exploit status, or remediation details are included here.

7.5CVSS7.2AI score0.00527EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-20444

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax...

9.1CVSS6.9AI score0.08914EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-24775

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new...

7.5CVSS7.2AI score0.02384EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-45060

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce...

7.5CVSS7.3AI score0.00936EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2018-11652

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header,...

10CVSS8.5AI score0.24727EPSS
Exploits5References2
CNNVD
CNNVD
added 2025/06/26 12:0 a.m.5 views

arduino-esp32 注入漏洞

arduino-esp32 is an Espressif open source Arduino kernel for ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2. An injection vulnerability exists in arduino-esp32 versions prior to 3.3.0-RC1 and 3.2.1, which stems from an HTTP response splitting vulnerability in the sendHeader function...

9.3CVSS7.1AI score0.00396EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/05/13 2:1 p.m.5 views

libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header

A flaw was found in libsoup, where the soupmessageheadersgetcontentdisposition function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function...

7.5CVSS7.3AI score0.00736EPSS
Exploits0References5
SUSE Linux
SUSE Linux
added 2025/03/12 10:32 a.m.2 views

Security update for podman

This update for podman fixes the following issues: CVE-2025-27144: Fixed gopkg.in/square/go-jose.v2,gopkg.in/go-jose/go-jose.v2,github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Go JOSE's Parsing Vulnerable to Denial of Service bsc1237641: CVE-2024-11218: Fixed...

8.7CVSS6.9AI score0.91969EPSS
Exploits1References18
CNNVD
CNNVD
added 2025/01/31 12:0 a.m.5 views

GFI Kerio Control 安全漏洞

GFI Kerio Control is a Unified Threat Management UTM solution from GFI Malta. The product includes features such as virus protection, web content filtering and application filtering. A security vulnerability exists in GFI Kerio Control that stems from the Dest parameter on some pages not being...

8.8CVSS9.2AI score0.29116EPSS
Exploits1References2
OSV
OSV
added 2025/01/17 10:52 p.m.6 views

CLSA-2025-1737153705 squid34: Fix of CVE-2024-25617

CVE-2024-25617: Improve handling of expanding HTTP header values to prevent DoS...

7.5CVSS6.8AI score0.88864EPSS
Exploits0References1
OSV
OSV
added 2024/12/27 2:54 p.m.5 views

CLSA-2024-1735311253 squid: Fix of CVE-2023-5824

CVE-2023-5824: do not send serialized HTTP response header bytes in storeClientCopy answers. Ignore serialized header size when calling storeClientCopy...

7.5CVSS7.1AI score0.05229EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/11/13 1:16 a.m.16 views

libsoup: HTTP request smuggling via stripping null bytes from the ends of header names

A flaw was found in the Libsoup library. When Libsoup parses HTTP headers, it ignores null bytes at the end of header names. Thus, Transfer-Encoding: chunked is equivalent to Transfer-Encoding\x00: chunked. This issue allows request smuggling when Libsoup is used in a service behind a reverse pro...

7.5CVSS7.3AI score0.00793EPSS
Exploits1References7
OSV
OSV
added 2024/10/30 10:15 p.m.2 views

DEBIAN-CVE-2024-10006

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using Headers in L7 traffic intentions could bypass HTTP header based access rules...

5.8CVSS7.6AI score0.00473EPSS
Exploits0References1
Rows per page
Query Builder