Lucene search
K

663 matches found

NVD
NVD
added 2026/07/02 9:16 p.m.6 views

CVE-2026-38968

ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding...

9.8CVSS0.00379EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 9:6 a.m.2 views

SUSE-SU-2026:2695-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: - CVE-2026-48618: tls: normalize hostname for server identity checks bsc1268593. - CVE-2026-48933: crypto: guard WebCrypto cipher output length bsc1268592. - CVE-2026-48615: lib,test: redact proxy credentials in tunnel errors bsc1268598. -...

9.8CVSS6.1AI score0.02806EPSS
Exploits3References39
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53829

Name of the Vulnerable Software and Affected Versions PROMOD V affected versions not specified Description PROMOD V uses insecure HTTP communication instead of HTTPS. This issue occurs because the third-party Digipede server does not support HTTPS, which allows data to be transmitted without...

7CVSS5.9AI score0.00347EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/29 12:31 a.m.9 views

EUVD-2026-40009

A vulnerability was identified in Databend up to 1.2.881 on HTTP. This affects the function ClientSessionManager::statekey of the file src/query/service/src/servers/http/v1/session/clientsessionmanager.rs of the component Tenant Handler. The manipulation leads to authorization bypass. It is...

6.5CVSS6.2AI score0.0022EPSS
Exploits0References7
NVD
NVD
added 2026/06/28 2:16 a.m.10 views

CVE-2026-58055

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS0.00202EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/25 12:22 p.m.6 views

CVE-2026-40208

An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame...

3.7CVSS5.9AI score0.00285EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/24 8:21 p.m.6 views

CVE-2023-54365

A flaw was found in Traefik's HTTP/2 request handling. A remote attacker can exploit this vulnerability by rapidly creating and canceling HTTP/2 streams. This can exhaust server resources, leading to a denial of service DoS and making the service unavailable to legitimate users. This issue is...

8.7CVSS5.9AI score0.00566EPSS
Exploits0References5
OSV
OSV
added 2026/06/24 8:0 a.m.8 views

CURL-CVE-2026-9545 exposing HTTP/3 early data

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS5.8AI score0.00408EPSS
Exploits1
OSV
OSV
added 2026/06/22 5:40 a.m.4 views

BIT-ENVOY-2026-47774 Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentiall...

7.5CVSS6AI score0.00815EPSS
Exploits1References11
ATTACKERKB
ATTACKERKB
added 2026/06/19 9:39 p.m.4 views

CVE-2026-56073

Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by modifying server responses. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely mark verification successful,...

9.4CVSS5.9AI score0.00188EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/17 8:2 p.m.12 views

CVE-2026-12291

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Networking: HTTP component...

8.8CVSS5.2AI score0.00382EPSS
Exploits0References5
NVD
NVD
added 2026/06/17 10:54 a.m.10 views

CVE-2026-46945

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle iSupport. While the...

9.1CVSS0.00462EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:54 a.m.16 views

CVE-2026-46905

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime Security. Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

9.8CVSS0.00483EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:54 a.m.8 views

CVE-2026-46860

Vulnerability in the MySQL Router product of Oracle MySQL component: Router: General. Supported versions that are affected are 9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MySQL Router. Successful attacks of this...

9.8CVSS0.00508EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 11:52 a.m.41 views

CVE-2026-12291 Use-after-free in the Networking: HTTP component

Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

0.00382EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.18 views

PT-2026-50053

Vulnerability in the Oracle HRMS UK product of Oracle E-Business Suite component: UK Payroll. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HRMS UK. Successful attacks of...

7.2CVSS5.2AI score0.00339EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.34 views

PT-2026-49964

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Metadata Plugin component of the Oracle Enterprise Manager Base Platform. An unauthenticated attacker...

9.6CVSS5.8AI score0.00473EPSS
Exploits0References3
CVE
CVE
added 2026/06/15 9:55 p.m.25 views

CVE-2026-48599

This CVE affects elixir-grpc/grpc (HTTP transcoding) where path-bound fields can be overridden by attacker-controlled values due to Map.merge/2 precedence in Elixir.GRPC.Server.Transcode:map_request/5. The underlying issue allows an authenticated attacker to access or modify resources of other us...

7.6CVSS5.4AI score0.00273EPSS
Exploits0References4
OSV
OSV
added 2026/06/12 2:59 p.m.4 views

CVE-2026-50560 Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty HTTP/2 max header size handling produces an attack similar to HTTP/2 Rapid Reset. There is a setting in the http2 specification called...

6.9CVSS5.9AI score0.00302EPSS
Exploits0References6
NCSC
NCSC
added 2026/06/12 7:25 a.m.11 views

Vulnerability handling in Oracle PeopleSoft Enterprise PeopleTools

Oracle has identified a vulnerability in Oracle PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62. This vulnerability allows unauthorized attackers to exploit the system via HTTP remotely. This can lead to remote code execution, which may result in the complete takeover of the system. The...

9.8CVSS6.1AI score0.9233EPSS
Exploits3References2
Rows per page
Query Builder