Lucene search
K

7 matches found

NVD
NVD
added 2026/06/17 8:17 p.m.11 views

CVE-2026-54387

Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the...

9.3CVSS0.00439EPSS
Exploits0References4
OSV
OSV
added 2026/06/17 8:17 p.m.4 views

DEBIAN-CVE-2026-54388

Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine how many request body bytes to consume. Remote attackers can...

9.3CVSS5.6AI score0.00439EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/03/29 8:1 a.m.8 views

Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection

...

8.8CVSS5.8AI score0.02709EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/09/24 11:48 a.m.6 views

httpd: HTTP response splitting

A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers, resulting in an HTTP response splitting...

7.3CVSS7.1AI score0.03914EPSS
Exploits0References5
Veracode
Veracode
added 2024/04/10 9:30 p.m.27 views

HTTP Response Splitting

Apache HTTP Server is vulnerable to HTTP Response splitting. The vulnerability is due to inadequate handling of malicious response headers, allowing an attacker to inject headers into backend applications and cause an HTTP desynchronization attack...

6.3CVSS7.3AI score0.02874EPSS
Exploits0References15Affected Software1
CNVD
CNVD
added 2020/06/30 12:0 a.m.5 views

Taiyuan Xunyi Technology Co., Ltd. 74cms background SQL injection vulnerability

74cms Knight cms talent system is a free open source professional recruitment system based on PHP + MYSQL as the core development. Taiyuan Xunyi Technology Co., Ltd. 74cms background SQL injection vulnerabilities, attackers can exploit the vulnerability to obtain database sensitive information...

7.9AI score
Exploits0
CNVD
CNVD
added 2019/10/29 12:0 a.m.2 views

zzzphp V1.7.4 SQL Injection Vulnerability in Backend

zzphp is a free website builder developed in PHP language. zzzphp V1.7.4 suffers from a SQL injection vulnerability in the backend, which can be exploited by attackers to obtain sensitive information...

8AI score
Exploits0
Rows per page
Query Builder