Lucene search
K

138 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-58229

Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP1.decodeheaders/5 and Mint.HTTP1.decodetrailerheaders/4 functions in lib/mint/http1.ex accumulate every parsed...

8.2CVSS0.00305EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/07 2:10 p.m.8 views

EUVD-2026-42045

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. DomainNameValidator does not prohibit newlines in domain names unless used via a form field, since CharField strips newlines. If an application uses values with newlines in an HTTP response, header injection can occur. Djan...

6.1CVSS5.8AI score0.00217EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 2:10 p.m.2 views

CVE-2026-53878 Header injection possibility since DomainNameValidator accepted newlines in input

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. DomainNameValidator does not prohibit newlines in domain names unless used via a form field, since CharField strips newlines. If an application uses values with newlines in an HTTP response, header injection can occur. Djan...

5.3CVSS6.9AI score0.00217EPSS
Exploits0References7
OSV
OSV
added 2026/06/04 2:9 p.m.3 views

CVE-2026-45739 Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...

3.1CVSS5.9AI score0.00218EPSS
Exploits0References7
Snyk
Snyk
added 2026/06/01 10:29 a.m.8 views

Cross-site Scripting (XSS)

Overview org.apache.activemq:activemq-web is a message broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the MessageServlet component. An attacker can inject arbitrary HTTP response headers by setting malicious JMS message...

6.1CVSS5.5AI score0.01107EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.17 views

PT-2026-45023

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4 Description NodeVM exposes process-wide observability builtins when they are permitted via require.builtin. Specifically, the diagnostics channel, async hooks, and perf hooks modules are not included in the dangero...

6.9CVSS5.3AI score0.00308EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Red Hat OpenShift Container Platform 授权问题漏洞

Red Hat OpenShift Container Platform is a platform developed by Red Hat Inc. It helps enterprises develop, deploy, and manage existing container-based applications across physical, virtual, and public cloud infrastructures. There is an authorization vulnerability in Red Hat OpenShift Container...

7.4CVSS5.8AI score0.00238EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 5:53 p.m.10 views

USN-8343-1 multipart vulnerability

It was discovered that multipart had an ambiguous regular expression alternation when handling certain HTTP header values. A remote attacker could possibly use this issue to cause multipart to use excessive resources, leading to a denial of service...

7.5CVSS5.8AI score0.00699EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.14 views

ClipBucket 安全漏洞

ClipBucket is an open-source PHP script developed by MacWarrior. It is available for free download and used to create video-sharing websites. Version 5.5.2 of ClipBucket contains a security vulnerability. This vulnerability stems from the authentication interface, the login page endpoint, and the...

7.3CVSS6.1AI score0.00324EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in grub2

Out-of-bounds write when handling split HTTP headers: When dealing with split HTTP headers, GRUB2’s HTTP code accidentally moves its internal data buffer point by one position. This can lead to an out-of-bounds write during the parsing of the HTTP request, resulting in writing a NULL byte beyond...

8.1CVSS7.7AI score0.01131EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 4:8 p.m.12 views

EUVD-2025-209856

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...

2.3CVSS5.8AI score0.00106EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 12:37 p.m.3 views

CVE-2026-43644 podinfo 6.11.2 Reflected XSS via /echo Endpoint

podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...

5.1CVSS5.9AI score0.00195EPSS
Exploits2References6
AlpineLinux
AlpineLinux
added 2026/04/29 11:44 a.m.11 views

CVE-2026-42249

Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers without validation. These...

9.8CVSS6.5AI score0.00625EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/23 7:11 p.m.6 views

CVE-2026-41266 Flowise: Sensitive Data Leak in public-chatbotConfig

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just...

7.7CVSS5.3AI score0.00346EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/23 7:11 p.m.9 views

EUVD-2026-25283

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just...

7.7CVSS5.8AI score0.00346EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/22 9:31 a.m.9 views

EUVD-2026-24637

The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and including, 1.19.2. This is due to insufficient sanitization of custom header name and value fields before writing them to the Apache .htaccess file via insertwithmarkers. This makes it possible for...

5.5CVSS5.8AI score0.00474EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 10:59 a.m.6 views

Security Bulletin: Memory Exhaustion via Excessive Cookies in HTTP Servers, affects watsonx.data

Summary HTTP servers may be vulnerable to memory exhaustion because, while HTTP headers have a 1MB limit, there is no limit on the number of cookies parsed. An attacker can send many small cookies e.g., a=; to trigger excessive memory allocation, potentially leading to high memory usage or...

5.3CVSS7.1AI score0.00534EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/03/31 9:11 a.m.8 views

cpython: wsgiref.headers.Headers allows header newline injection in Python

Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9CVSS5.8AI score0.00463EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/25 7:54 p.m.6 views

EUVD-2026-14500

AVideo vulnerable to IP Address Spoofing via Untrusted HTTP Headers in getRealIpAddr...

5.3CVSS5.8AI score0.00175EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/23 12:0 a.m.4 views

Siemens APE1808 Improper Neutralization of CRLF Sequences in HTTP Headers (CVE-2024-54021)

An improper neutralization of crlf sequences in http headers 'http response splitting' in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 allows attacker to execute unauthorized code or commands via crafted HTTP header. This plugin only works with Tenable.ot. Please visit...

6.5CVSS6AI score0.00751EPSS
Exploits0References3
Rows per page
Query Builder