
7 matches found

Vulnrichment
added yesterday, 3 views

CVE-2026-44546 Header injection via WebSocket upgrade parser differential allows ASGI scope header spoofing

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

CVSS 3.7, AI score 5.8
Exploits 0, References 1
Apache Tomcat
added 2026/05/11 12:00 a.m., 6 views

Fixed in Apache Tomcat 10.1.55

Moderate: Security constraints not correctly applied (CVE-2026-43515). When multiple security constraints defined an HTTP method constraint for the same extension pattern, only the first method constraint was applied. This was fixed with commit c6213173. This issue was reported to the Tomcat securit...

CVSS 9.8, AI score 5.8, EPSS 0.00253
Exploits 0, Affected Software 1
Snyk
added 2026/05/06 9:20 p.m., 4 views

Uncaught Exception

Overview: granian is a Rust HTTP server for Python applications. Affected versions of this package are vulnerable to Uncaught Exception via the Sec-WebSocket-Protocol header processing in the WebSocket upgrade request path. An attacker can cause a worker process to terminate unexpectedly by...

CVSS 8.7, AI score 5.8, EPSS 0.00084
Exploits 0, References 2
Apache Tomcat
added 2026/05/05 12:00 a.m., 4 views

Fixed in Apache Tomcat 11.0.22

Moderate: Security constraints not correctly applied (CVE-2026-43515). When multiple security constraints defined an HTTP method constraint for the same extension pattern, only the first method constraint was applied. This was fixed with commits 276087d9 and 06597486. This issue was reported to the...

CVSS 9.8, AI score 5.8, EPSS 0.00253
Exploits 0, Affected Software 1
OSV
added 2021/05/25 7:15 p.m., 3 views

AZL-44670 CVE-2021-32640 affecting package js-jquery 3.5.0-4

ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in [email protected]...

CVSS 5.3, AI score 6.4, EPSS 0.01154
Exploits 1, References 1
CNVD
added 2020/06/03 12:00 a.m., 2 views

websocket-extensions denial of service vulnerability

websocket-extensions is an open source WebSocket generic extension manager. A security vulnerability exists in websocket-extensions npm versions prior to 1.0.4. An attacker can exploit this vulnerability to cause a denial of service with the Sec-WebSocket-Extensions header...

CVSS 7.5, AI score 8, EPSS 0.0034
Exploits 1, References 1
OSV
added 2020/06/02 7:15 p.m., 1 views

DEBIAN-CVE-2020-7663

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

CVSS 7.5, AI score 7.6, EPSS 0.02622
Exploits 1, References 1