Lucene search
K

25 matches found

Debian CVE
Debian CVE
added 2026/06/22 9:30 p.m.6 views

CVE-2026-44889

WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit stri...

6.1CVSS5.9AI score0.00161EPSS
Exploits0
NVD
NVD
added 2026/06/10 7:16 p.m.23 views

CVE-2026-50637

Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions allow mutiple metrics, separated by newlines, to be sent per packet. The send method does not validate the contents of the metric names or values. If the name...

8.2CVSS0.00323EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.20 views

PT-2026-48519

Name of the Vulnerable Software and Affected Versions Metrics::Any::Adapter::Statsd versions prior to 0.04 Description The software does not protect against metric injections. The statsd protocol allows multiple metrics to be sent per packet, separated by newlines. The send method fails to valida...

8.2CVSS5.8AI score0.00323EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/01/07 9:43 a.m.4 views

CVE-2026-21439

badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line...

5.1CVSS6.8AI score0.00302EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.5 views

badkeys 安全漏洞

badkeys is an open source library of tools from badkeys to check cryptographic public keys for vulnerabilities. A security vulnerability exists in badkeys version 0.0.15 and earlier, which stems from the fact that an attacker can inject content containing ASCII control characters, potentially...

5.3CVSS6.5AI score0.00302EPSS
Exploits1References4
OSV
OSV
added 2026/01/05 11:51 p.m.7 views

CVE-2026-21439 badkeys vulnerable to ASCII control character injection on console via malformed input

badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line...

5.1CVSS6.6AI score0.00302EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/01/05 11:51 p.m.4 views

CVE-2026-21439 badkeys vulnerable to ASCII control character injection on console via malformed input

badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line...

5.1CVSS6.5AI score0.00302EPSS
Exploits1References4
CVE
CVE
added 2026/01/05 11:51 p.m.20 views

CVE-2026-21439

CVE-2026-21439 affects the badkeys tool/library, where versions ≤0.0.15 allow ASCII control characters (e.g., vertical tabs, ANSI escape sequences) to inject misleading output in DKIM scanning (--dkim/--dkim-dns), SSH lines (--ssh-lines), and related filenames. The issue is fixed in version 0.0.1...

5.3CVSS6.5AI score0.00302EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/01/05 7:42 p.m.2 views

Improper Neutralization

Overview badkeys is a Check cryptographic keys for known weaknesses Affected versions of this package are vulnerable to Improper Neutralization of ASCII control characters in the badkeys command-line tool. An attacker can manipulate console output to display misleading or deceptive information by...

5.3CVSS6.6AI score0.00302EPSS
Exploits1References2
OSV
OSV
added 2026/01/05 7:42 p.m.6 views

GHSA-WJPC-4F29-83H3 badkeys vulnerable to ASCII control character injection on console via malformed input

Impact An attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line tool. This impacts scanning DKIM keys both --dkim and --dkim-dns, SSH keys --ssh-lines mode, and filenames in various...

5.1CVSS6.8AI score0.00302EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/01/05 7:42 p.m.11 views

badkeys vulnerable to ASCII control character injection on console via malformed input

Impact An attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line tool. This impacts scanning DKIM keys both --dkim and --dkim-dns, SSH keys --ssh-lines mode, and filenames in various...

5.3CVSS6.9AI score0.00302EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.12 views

PT-2026-1358

Name of the Vulnerable Software and Affected Versions badkeys versions 0.0.15 and below Description badkeys is a tool and library used for checking cryptographic public keys for known issues. In versions 0.0.15 and below, an attacker can inject content containing ASCII control characters, such as...

5.3CVSS7AI score0.00302EPSS
Exploits1References15
OSV
OSV
added 2024/10/08 6:33 p.m.9 views

GHSA-5WPR-CJ9P-959R HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...

6.9CVSS5.1AI score0.00653EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/10/08 6:33 p.m.17 views

HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...

5.3CVSS6.8AI score0.00653EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2024/10/08 5:15 p.m.10 views

CVE-2024-9622

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...

5.3CVSS0.00653EPSS
Exploits0References4
OSV
OSV
added 2024/10/08 5:15 p.m.1 views

UBUNTU-CVE-2024-9622

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...

5.3CVSS7.1AI score0.00653EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/10/08 4:26 p.m.26 views

CVE-2024-9622 Resteasy-netty4-cdi: resteasy-netty4: resteasy-reactor-netty: http request smuggling leading to client timeouts in resteasy-netty4

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...

5.3CVSS0.00653EPSS
Exploits0References4
CVE
CVE
added 2024/10/08 4:26 p.m.74 views

CVE-2024-9622

CVE-2024-9622 applies to the resteasy-netty4 library, where improper handling of HTTP requests containing ASCII control characters can trigger the Netty HttpObjectDecoder BAD_MESSAGE state. This causes subsequent legitimate requests on the same connection to be ignored, leading to client timeouts...

5.3CVSS5.2AI score0.00653EPSS
Exploits0References4
OSV
OSV
added 2024/10/08 4:26 p.m.6 views

CVE-2024-9622 Resteasy-netty4-cdi: resteasy-netty4: resteasy-reactor-netty: http request smuggling leading to client timeouts in resteasy-netty4

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...

5.3CVSS5.8AI score0.00653EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2024/10/08 8:56 a.m.12 views

CVE-2024-9622

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...

5.3CVSS6.9AI score0.00653EPSS
Exploits0References5
Rows per page
Query Builder