Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Redos
Redosadded 2024/04/01 12:0 a.m.25 views

ROS-20240401-04

HAProxy server software vulnerability is related to forwarding empty headers Content-Length. Exploitation of the vulnerability could allow an attacker acting remotely to perform an HTTP request smuggling attack. an HTTP request smuggling attack...

7.2CVSS7AI score0.00091EPSS
Exploits1
RedHat Linux
RedHat Linuxadded 2023/09/26 2:56 p.m.3 views

nodejs: HTTP Request Smuggling via Empty headers separated by CR

A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS...

7.5CVSS7.1AI score0.01916EPSS
Exploits1References4
RedHat Linux
RedHat Linuxadded 2023/08/08 8:46 a.m.2 views

nodejs: HTTP Request Smuggling via Empty headers separated by CR

A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS...

7.5CVSS7.1AI score0.01916EPSS
Exploits1References4
RedHat Linux
RedHat Linuxadded 2023/07/31 9:36 a.m.3 views

nodejs: HTTP Request Smuggling via Empty headers separated by CR

A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS...

7.5CVSS7.1AI score0.01916EPSS
Exploits1References4
SUSE CVE
SUSE CVEadded 2023/02/15 6:12 a.m.3 views

SUSE CVE-2007-1863

cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...

5CVSS6.9AI score0.27987EPSS
Exploits0References5
OSV
OSVadded 2021/03/15 10:32 p.m.0 views

USN-4848-1 mini-httpd vulnerability

It was discovered that ACME minihttpd did not properly handle HTTP GET requests with empty headers. A remote attacker could use this vulnerability to read arbitrary files...

6.5CVSS7.4AI score0.93095EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2019/12/16 12:0 a.m.42 views

FreeBSD : dovecot -- NULL pointer deref in notify with empty headers (b7dc4dde-2e48-43f9-967a-c68461537cf2)

Aki Tuomi reports Mail with group address as sender will cause a signal 11 crash in push notification drivers. Group address as recipient can cause crash in some drivers. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...

5.3CVSS7.1AI score0.01665EPSS
Exploits0References3
FreeBSD
FreeBSDadded 2019/12/10 12:0 a.m.34 views

dovecot -- null pointer deref in notify with empty headers

Aki Tuomi reports Mail with group address as sender will cause a signal 11 crash in push notification drivers. Group address as recipient can cause crash in some drivers...

5.3CVSS1.3AI score0.01665EPSS
Exploits0References1
Rows per page
Query Builder