Lucene search
K

2773 matches found

EUVD
EUVD
added 9 hours ago4 views

EUVD-2026-43641

Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling...

6.3CVSS6.1AI score
Exploits0References1
NVD
NVD
added 5 days ago9 views

CVE-2026-59209

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an HTTP Request node's pagination expression and...

7.1CVSS0.00303EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42613

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an HTTP Request node's pagination expression and...

7.1CVSS5.9AI score0.00303EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-59209

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an HTTP Request node's pagination expression and...

7.1CVSS5.9AI score0.00303EPSS
Exploits0References4Affected Software1
CVE
CVE
added 5 days ago12 views

CVE-2026-59209

n8n is an open source workflow automation platform. Affected versions prior to 1.123.61, 2.27.4, and 2.28.1 expose a vulnerability where an authenticated user with editor access to a shared workflow can read credential-populated headers via the $request object inside an HTTP Request node’s pagina...

7.1CVSS5.9AI score0.00303EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:27 p.m.5 views

CVE-2026-20191

A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request...

7.5CVSS6AI score0.00756EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/01 3:33 a.m.35 views

CVE-2026-7828 UltraVNC repeater integer overflow in win_log malloc leading to heap overflow

UltraVNC repeater through 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, the winlog function allocates list nodes via mallocsizeofstruct LIST + strlenline, where line is derived from HTTP request URIs. If strlenline is sufficiently large,...

5.3CVSS0.01057EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 3:33 a.m.12 views

CVE-2026-7828

UltraVNC repeater up to version 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, win_log() allocates memory with malloc(sizeof(struct LIST) + strlen(line)); if strlen(line) is large, the size overflows to a value smaller than sizeof(struct ...

5.3CVSS6.2AI score0.01057EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/30 8:23 p.m.6 views

EUVD-2025-210383

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling...

4.3CVSS5.8AI score0.00431EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.13 views

PT-2026-54438

Name of the Vulnerable Software and Affected Versions Storage Concentrator SC & SCVM affected versions not specified Description An unauthenticated remote attacker can execute arbitrary commands with root-level privileges on the underlying system. This occurs because the debug.pl script processes...

10CVSS6.1AI score0.03074EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.12 views

PT-2026-53974

Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 Description An authenticated user can cause a temporary denial of service by sending a specially crafted HTTP request. This issue occurs due to improper allocation of resource...

4.3CVSS6AI score0.00431EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/29 4:50 a.m.15 views

CVE-2026-54282

A flaw was found in Starlette, a lightweight Asynchronous Server Gateway Interface ASGI framework. Prior to version 1.3.0, the HTTP request path was not properly validated when reconstructing the request.url. A remote attacker could craft a malicious HTTP request path that does not begin with a...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/26 4:4 p.m.34 views

CVE-2026-56663 AutoGPT: SSRF-to-RCE Chain in `SendWebRequestBlock` via IP validation bypass and internal `pg-meta` access

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF / private-IP protections in SendWebRequestBlock and reach internal network services. isipblocked in...

8.5CVSS0.00224EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 4:4 p.m.13 views

CVE-2026-56663

AutoGPT (SendWebRequestBlock) prior to version 0.6.52 is vulnerable to a SSRF-to-RCE chain due to improper normalization of IPv4-mapped IPv6 addresses in _is_ip_blocked(), which fails to block IPv4-mapped addresses and special-use ranges (e.g., 100.64.0.0/10). An authenticated user can bypass pri...

8.5CVSS5.8AI score0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 7:17 a.m.39 views

CVE-2026-57878 GV-LPC2011/LPC2211 - unauthorized buffer overflow vulnerability (thttpd)

An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this...

9.8CVSS0.00531EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 7:17 a.m.8 views

EUVD-2026-39631

An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of required HTTP request metadata before it is used by the...

7.5CVSS5.9AI score0.01266EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 7:17 a.m.38 views

CVE-2026-57875 GV-LPC2011/LPC2211 - unauthorized null pointer dereference vulnerability in packet parsing

An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of required HTTP request metadata before it is used by the...

7.5CVSS0.01266EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 7:17 a.m.15 views

CVE-2026-57875

GeoVision GV-LPC2011 and GV-LPC2211 components (GV-LPC2011/LPC2211 V1.12 and earlier) contain an unauthenticated NULL pointer dereference in the HTTP request parsing logic. The root cause is improper validation of required HTTP request metadata before use by the affected CGI components, allowing ...

7.5CVSS5.9AI score0.01266EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 6:52 p.m.5 views

GHSA-2F33-PR97-265Q MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies

Summary The parameterless MessagePackInputFormatter constructor uses default serializer options, which resolve to MessagePackSerializerOptions.Standard with MessagePackSecurity.TrustedData. The formatter is designed for ASP.NET Core MVC request bodies, which commonly cross an HTTP trust boundary...

6.3CVSS5.6AI score0.00236EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/25 11:57 a.m.6 views

CVE-2026-42005

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

4.3CVSS5.9AI score0.00479EPSS
Exploits0
Rows per page
Query Builder