Lucene search
+L

130 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-16193

Malware in sbrugna...

5.3CVSS5.7AI score0.01204EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-27818

Malicious code in bioql PyPI...

9.8CVSS6.4AI score0.00641EPSS
Exploits0References1
OSV
OSV
added 2025/09/17 7:3 p.m.14 views

CLSA-2025-1758135826 grafana: Fix of CVE-2022-39307

CVE-2022-39307: fix omit error from http response when user does not exist...

6.7CVSS7.3AI score0.00702EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/15 12:0 a.m.13 views

CVE-2025-46408

An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...

0.00611EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/09/11 4:26 p.m.5 views

CVE-2025-55143

Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote unauthenticated attacker to inject arbitrary te...

6.1CVSS7.4AI score0.00663EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2023-40547

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows...

8.3CVSS7.7AI score0.04892EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-4979

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to...

7.5CVSS5.4AI score0.00387EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/22 1:22 p.m.19 views

CVE-2025-32010

A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP response can lead to arbitrary code execution. An attacker can send an HTTP response to trigger this vulnerability...

9.8CVSS7.4AI score0.00641EPSS
Exploits0References1
CVE
CVE
added 2025/08/20 1:9 p.m.23 views

CVE-2025-32010

CVE-2025-32010 affects Tenda AC6 V5.0 V02.03.01.110 in the Cloud API: a stack-based buffer overflow triggered by a specially crafted HTTP response can lead to arbitrary code execution. The TALOS analysis confirms the vulnerability exists in the Cloud API’s handling of HTTP interactions, enabling ...

9.8CVSS8.2AI score0.00641EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/08/20 1:9 p.m.11 views

CVE-2025-32010

A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP response can lead to arbitrary code execution. An attacker can send an HTTP response to trigger this vulnerability...

8.1CVSS0.00641EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/12 12:0 a.m.4 views

GitLab Community Edition和GitLab Enterprise Edition 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Community Edition and GitLab Enterprise...

6.5CVSS6.2AI score0.00649EPSS
Exploits1References6
OSV
OSV
added 2025/04/03 3:15 a.m.1 views

DEBIAN-CVE-2025-2784

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skipinsightwhitespace function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server...

6.5CVSS7.3AI score0.00786EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/02/10 12:0 a.m.2 views

ZOO-Project 跨站脚本漏洞

ZOO-Project is an open source processing platform from ZOO-Project Open Source. ZOO-Project suffers from a cross-site scripting vulnerability that stems from the publish.py CGI script reflecting user input for the jobid parameter directly into the HTTP response without HTML coding or cleanup...

6.9CVSS5.9AI score0.00436EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/02/05 3:48 a.m.4 views

SUSE CVE-2025-0825

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more...

5.3CVSS7.2AI score0.00394EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/01/17 12:0 a.m.6 views

caido 跨站脚本漏洞

caido is an open source application from Caido. Designed to help security professionals and enthusiasts audit Web applications efficiently and easily. A cross-site scripting vulnerability exists in Caido version v0.45.0 that stems from improper cleanup in the URL decoding tooltip of the HTTP...

5.2CVSS6AI score0.00235EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/07 12:0 a.m.6 views

IBM Security ReaQta 安全漏洞

IBM Security ReaQta is an AI autonomous detection and response platform from International Business Machines IBM. An information disclosure vulnerability exists in IBM Security ReaQta version 3.12, which stems from the return of sensitive information in an HTTP response, and can be exploited by a...

5.3CVSS6AI score0.00313EPSS
Exploits0References2
OSV
OSV
added 2024/11/22 8:15 p.m.9 views

PYSEC-2024-310

Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...

5.3CVSS5.8AI score0.00628EPSS
Exploits0References3
OSV
OSV
added 2024/08/06 2:16 p.m.7 views

CVE-2024-41226

A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client side and does not attack the Control Room. T...

7.8CVSS6.1AI score0.00567EPSS
Exploits1References2
OSV
OSV
added 2024/07/25 8:15 p.m.6 views

CVE-2024-40324

A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return CR and Line Feed LF characters into input fields, leading to HTTP response splitting and header manipulation...

5.4CVSS5.8AI score0.00691EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2024/06/04 12:55 p.m.4 views

SUSE CVE-2021-37939

It was discovered that Kibana's JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vulnerability, a malicious user with the ability to create connectors, could utilize these connecto...

4CVSS4.4AI score0.00442EPSS
Exploits0References3
Rows per page
Query Builder