Lucene search
K

660 matches found

Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.6 views

Unity Linux 20.1070e Security Update: skopeo (UTSA-2025-985019)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-985019 advisory. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of...

7.5CVSS7AI score0.03796EPSS
Exploits0References4
Gitee
Gitee
added 2025/09/22 1:2 a.m.169 views

security-guide-for-developers

This is a security guide for web developers, covering various security topics such as authentication, authorization, data validation, and encryption. The guide is divided into several sections, including a security checklist, authentication and authorization, data validation and sanitation, and...

6.7AI score
Exploits0
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.18 views

Mesh Connect JS SDK 跨站脚本漏洞

Mesh Connect JS SDK is a Java library from Mesh open source. A cross-site scripting vulnerability exists in Mesh Connect JS SDK versions prior to 3.3.2, which stems from the createLink.openLink function not being cleaned up for the URL protocol, which could lead to the execution of arbitrary...

8.2CVSS6AI score0.00438EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.3 views

WordPress plugin PressPage Entertainment Inc Mavis HTTPS to HTTP Redirection 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...

7.1CVSS5.8AI score0.00118EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/09/17 8:46 p.m.13 views

Pingora update for MadeYouReset HTTP/2 vulnerability

Pingora deployments that include HTTP/2 server support may be affected by the vulnerability described in CVE-2025-8671. Under certain conditions, Pingora applications may allocate buffers before the HTTP/2 reset and resulting stream cancellation is processed by the server. Repeated resets can for...

7.5CVSS6.8AI score0.04604EPSS
Exploits3References3Affected Software1
Snyk
Snyk
added 2025/09/17 8:43 p.m.0 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the gRPC API and HTTP APIs, which allow peers to send requests that cause the recipient to create files in arbitrary file system locations and read arbitrary files. An attacker can access sensitive data or execu...

10CVSS7.4AI score0.0068EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/09/17 8:23 p.m.7 views

DragonFly's tiny file download uses hard coded HTTP protocol

Impact The code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing the network request so that a different piece of data gets downloaded. Due to the use of weak...

6.9CVSS7AI score0.0013EPSS
Exploits0References5Affected Software2
Amazon
Amazon
added 2025/09/15 12:0 a.m.9 views

Medium: python-h2

Issue Overview: h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to...

6.9CVSS6.8AI score0.01596EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/09/14 12:0 a.m.4 views

Debian dla-4299 : jetty9 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4299 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4299-1 [email protected] https://www.debian.org/lts/security/...

7.7CVSS7AI score0.01567EPSS
Exploits0References4
OSV
OSV
added 2025/09/05 12:42 p.m.7 views

OESA-2025-2167 lighttpd security update

Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more...

7.5CVSS6.6AI score0.04604EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2025/09/02 1:37 p.m.9 views

CVE-2025-9784 Undertow: undertow madeyoureset http/2 ddos vulnerability

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

7.5CVSS5.9AI score0.0217EPSS
Exploits1References17
OSV
OSV
added 2025/09/01 2:4 p.m.3 views

SUSE-SU-2025:02993-1 Security update for jetty-minimal

This update for jetty-minimal fixes the following issues: Upgraded to version 9.4.58.v20250814: - CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol including DNS over HTTPS bsc1244252...

7.7CVSS6.7AI score0.01567EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2019-17420

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the httpheader signature to not alert on a...

5.3CVSS6.2AI score0.01355EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2018-6794

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends...

5.3CVSS6.1AI score0.24712EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2015-5168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different...

10CVSS8.1AI score0.02411EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/08/21 9:20 p.m.267 views

Exploit for CVE-2025-8671

PoC-CVE-2025-8671-MadeYouReset-HTTP-2 PoC para validar vulnera...

7.5CVSS7.2AI score0.04604EPSS
Exploits3
CNVD
CNVD
added 2025/08/20 12:0 a.m.2 views

Apache Tomcat Denial of Service Vulnerability (CNVD-2025-19106)

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server for the implementation of Servlet and JavaServer Page JSP support. Apache Tomcat suffers from a denial of service vulnerability due to a forced reset attack in the HTTP/2 implementation. An attacke...

7.5CVSS6.5AI score0.03389EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-47118

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issu...

9.8CVSS7.9AI score0.00462EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2025/08/15 12:51 p.m.8 views

Security update for rust-keylime

This update for rust-keylime fixes the following issues: Update to version 0.2.7+141: CVE-2025-58266: shlex: Fixed command injection bsc1247193 Update to version 0.2.7+117: CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RSTSTREAM frames bsc1210344. CVE-2024-12224...

7.5CVSS7.9AI score0.01121EPSS
Exploits2References26
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-49630

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients...

7.5CVSS7.2AI score0.01149EPSS
Exploits0References2
Rows per page
Query Builder