
6 matches found

NVD
added 2026/06/22 6:16 p.m., 9 views

CVE-2026-54282

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...

CVSS 5.3, EPSS 0.00187
Exploits: 0, References: 1
Cvelist
added 2026/06/22 4:45 p.m., 43 views

CVE-2026-54282 Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...

CVSS 3.7, EPSS 0.00187
Exploits: 0, References: 1
ATTACKERKB
added 2026/06/22 4:45 p.m., 5 views

CVE-2026-54282

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...

CVSS 3.7, AI score 5.9, EPSS 0.00187
Exploits: 0, References: 2, Affected Software: 1
Debian CVE
added 2026/06/22 3:40 p.m., 6 views

CVE-2026-46417

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Side Request Forgery (SSRF) vulnerability exists in @angular/platform-server. The issue stems from how...

CVSS 8.8, AI score 5.8, EPSS 0.0021
Exploits: 0
Snyk
added 2025/12/31 7:46 p.m., 11 views

Stack-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow during address resolution, when attacker-controlled hostname data is copied into a fixed-size stack buffer without proper bounds checking. An attacker can cause a crash if proxy logic is enabled in the...

CVSS 9.8, AI score 7, EPSS 0.00637
Exploits: 0, References: 2
CNNVD
added 2022/01/12 12:0 a.m., 6 views

Jenkins Plugin Cross-Site Request Forgery Vulnerability

Jenkins is an open source automation server that provides hundreds of plug-ins to support building, deploying and automating any project. A cross-site request forgery vulnerability exists in Jenkins Mailer that stems from the software's lack of validation f...

CVSS 4.3, AI score 5.5, EPSS 0.00957
Exploits: 0, References: 9