
34 matches found

Slackware Linux
added 2026/02/28 11:29 p.m., 5 views

[slackware-security] gvfs

New gvfs packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/gvfs-1.48.1-i586-2slack15.0.txz: Rebuilt. This update fixes security issues: ftp: Use control connection address for PASV data. ftp:...

CVSS 4.3 | AI score 6 | EPSS 0.00094
Exploits: 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2020-7680

Malware in sbrugna...

CVSS 6.5 | AI score 6.3 | EPSS 0.01086
Exploits: 1 | References: 6

IBM Security Bulletins
added 2024/09/30 5:2 p.m., 27 views

Security Bulletin: IBM Maximo Application Suite - Maximo Visual Inspection Component uses Werkzeug-2.2.3-py3-none-any.whl which is vulnerable to this CVE-2023-46136

Summary Security Bulletin: IBM Maximo Application Suite - Maximo Visual Inspection Component uses Werkzeug-2.2.3-py3-none-any.whl which is vulnerable to this CVE-2023-46136 Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a...

CVSS 8 | AI score 7.5 | EPSS 0.00878
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/04/25 6:45 p.m., 24 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Pallets Werkzeug [CVE-2023-46136]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Pallets Werkzeug, caused by a flaw when parsing multipart/form-data containing a large part with CR/LF character at the beginning CVE-2023-46136. Pallets Werkzeug is used in our Speech...

CVSS 8 | AI score 7.2 | EPSS 0.00878
Exploits: 0 | Affected Software: 1

Github Security Blog
added 2023/10/25 2:22 p.m., 50 views

Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning

Werkzeug multipart data parser needs to find a boundary that may be between consecutive chunks. That's why parsing is based on looking for newline characters. Unfortunately, code looking for partial boundary in the buffer is written inefficiently, so if we upload a file that starts with CR or LF...

CVSS 8 | AI score 7.1 | EPSS 0.00878
Exploits: 0 | References: 9 | Affected Software: 1

Rosalinux
added 2023/08/01 12:58 p.m., 38 views

Advisory ROSA-SA-2023-2203

Software: python 2.7.5 OS: rosa-server79 packageevrstring: python-2.7.5-93.res7 CVE-ID: CVE-2023-24329 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A problem in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blacklisting methods by providing a URL that starts with empty...

CVSS 9.8 | AI score 7.8 | EPSS 0.01445
Exploits: 6

Cvelist
added 2023/03/03 10:44 p.m., 12 views

CVE-2023-26047 teler-waf contains detection rule bypass via entities payload

teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used...

CVSS 6.5 | AI score 6.6 | EPSS 0.00279
Exploits: 0 | References: 3

OSV
added 2022/08/27 12:33 p.m., 6 views

OPENSUSE-SU-2022:10101-1 Security update for nim

This update for nim fixes the following issues: Includes upstream security fixes for: boo1175333, CVE-2020-15693 httpClient is vulnerable to a CR-LF injection boo1175334, CVE-2020-15692 mishandle of argument to browsers.openDefaultBrowser boo1175332, CVE-2020-15694 httpClient.get.contentLength...

CVSS 10 | AI score 7.4 | EPSS 0.02523
Exploits: 7 | References: 19

OPENSUSE Linux
added 2022/08/27 12:0 a.m., 39 views

Security update for nim (important)

openSUSE Security Update: Security update for nim Announcement ID: openSUSE-SU-2022:10101-1 Rating: important References: 1175332 1175333 1175334 1181705 1185083 1185084 1185085 1185948 1192712 Cross-References: CVE-2020-15690 CVE-2020-15692 CVE-2020-15693 CVE-2020-15694 CVE-2021-21372...

CVSS 10 | AI score 7 | EPSS 0.02523
Exploits: 7 | References: 9

OPENSUSE Linux
added 2022/08/24 12:0 a.m., 62 views

Security update for nim (important)

openSUSE Security Update: Security update for nim Announcement ID: openSUSE-SU-2022:10095-1 Rating: important References: 1175332 1175333 1175334 1181705 1185083 1185084 1185085 1185948 1192712 Cross-References: CVE-2020-15690 CVE-2020-15692 CVE-2020-15693 CVE-2020-15694 CVE-2021-21372...

CVSS 10 | AI score 7.3 | EPSS 0.02523
Exploits: 7 | References: 9

RedhatCVE
added 2022/05/21 12:26 a.m., 19 views

CVE-2020-15693

In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call such as httpClient.get or httpClient.post, the User-Agent header value, or custom HTTP header names or value...

CVSS 6.5 | AI score 0.6 | EPSS 0.01086
Exploits: 1 | References: 1

Redos
added 2022/04/07 12:0 a.m., 73 views

ROS-20220407-03

A vulnerability in the Python client library is related to insufficient validation of user input data in the FTP File Transfer Protocol library when it is used in PASV passive mode. Exploitation of the vulnerability could allow...

CVSS 7.5 | AI score 6.7 | EPSS 0.01214
Exploits: 1

NVD
added 2020/08/14 7:15 p.m., 8 views

CVE-2020-15693

In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call such as httpClient.get or httpClient.post, the User-Agent header value, or custom HTTP header names or value...

CVSS 6.5 | AI score 6.4 | EPSS 0.01086
Exploits: 1 | References: 4

OSV
added 2020/08/14 7:15 p.m., 11 views

CVE-2020-15693

In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call such as httpClient.get or httpClient.post, the User-Agent header value, or custom HTTP header names or value...

CVSS 6.5 | AI score 6.8
Exploits: 0 | References: 4

UbuntuCve
added 2020/08/14 7:15 p.m., 33 views

CVE-2020-15693

In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call such as httpClient.get or httpClient.post, the User-Agent header value, or custom HTTP header names or value...

CVSS 6.5 | AI score 6.6 | EPSS 0.01086
Exploits: 1 | References: 3

Prion
added 2020/08/14 7:15 p.m., 102 views

Sql injection

In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call such as httpClient.get or httpClient.post, the User-Agent header value, or custom HTTP header names or value...

CVSS 6.4 | AI score 6.4 | EPSS 0.01086
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2020/08/14 6:47 p.m., 12 views

CVE-2020-15693

In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call such as httpClient.get or httpClient.post, the User-Agent header value, or custom HTTP header names or value...

AI score 7.9 | EPSS 0.01086
Exploits: 1 | References: 4

CVE
added 2020/08/14 6:47 p.m., 69 views

CVE-2020-15693

CVE-2020-15693 — Nim httpClient CR-LF injection : In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL when the attacker controls any part of the URL (e.g., in httpClient.get/httpClient.post), or header values. This can impact how URLs/headers are int...

CVSS 6.5 | AI score 6.6 | EPSS 0.01086
Exploits: 1 | References: 4 | Affected Software: 1

Debian CVE
added 2020/08/14 6:47 p.m., 23 views

CVE-2020-15693

In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call such as httpClient.get or httpClient.post, the User-Agent header value, or custom HTTP header names or value...

CVSS 6.5 | AI score 6.4 | EPSS 0.01086
Exploits: 1

Exploit DB
added 2018/10/08 12:0 a.m., 33 views

Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Zahir Enterprise Plus 6 Stack Buffer Overflow", 'Description' = %q This module exploits a stack buffer overflow in Zahir Enterprise Plus version ...

CVSS 7.8 | AI score 7.4 | EPSS 0.6203
Exploits: 8