CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2025/12/27 12:0 a.m.•2 views

NewStart CGSL MAIN 7.02 : golang Multiple Vulnerabilities (NS-SA-2025-0254)

The remote NewStart CGSL host, running version MAIN 7.02, has golang packages installed that are affected by multiple vulnerabilities: - The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true...

9.8CVSS7AI score0.01018EPSS

Exploits0References25

RedHat Linux•added 2025/09/25 12:9 a.m.•1 views

undertow: Memory exhaustion issue in HttpReadListener via "Expect: 100-continue" header

A flaw was discovered in Undertow where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service...

7.5CVSS5.8AI score0.00299EPSS

Exploits0References4

Tenable Nessus•added 2025/08/19 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2020-10705

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the Expect: 100-continue header may cause an out of memory...

7.5CVSS6.7AI score0.00299EPSS

RedhatCVE•added 2025/08/09 12:23 a.m.•9 views

CVE-2025-32094

An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can lead to a discrepancy in how two in-path Akamai...

4CVSS6.8AI score0.00375EPSS

RedhatCVE•added 2025/05/23 5:31 a.m.•1 views

CVE-2023-30756

A vulnerability has been identified in SIMATIC CP 1242-7 V2 incl. SIPLUS variants All versions V3.5.20, SIMATIC CP 1243-1 incl. SIPLUS variants All versions V3.5.20, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions V3.5.20, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions V3.5.20...

8.2CVSS6.9AI score0.00401EPSS

OSV•added 2025/04/25 2:6 p.m.•1 views

OESA-2025-1451 etcd security update

%expand: Security Fixes: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large...

7.5CVSS6.8AI score0.75268EPSS

Exploits1References4

Citrix•added 2025/04/16 12:0 a.m.•6 views

Netscaler-14.1- How NetScaler handles expect:100 continue header

When NetScaler gets an HTTP request that includes the Expect: 100-Continue header, it sends a 100 Continue response back to the client. This step is important because NetScaler’s Application Firewall needs to review the full request—including the body—before passing it on to the backend server...

7.1AI score

Exploits0

Vulnrichment•added 2025/03/06 11:9 a.m.•7 views

CVE-2024-56202 Apache Traffic Server: Expect header field can unreasonably retain resource

Expected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to versions 9.2.9 or 10.0.4 or newer, which fixes the issue...

7.1AI score0.00215EPSS

OSV•added 2025/01/17 2:8 p.m.•1 views

OESA-2025-1057 buildah security update

The package provides a command line tool which can be used to create a working container from scratch or create a working container from an image as a starting point mount/umount a working container's root file system for manipulation save container's root file system layer to create a new image...

7.5CVSS6.8AI score0.01018EPSS

Positive Technologies•added 2024/09/10 12:0 a.m.•1 views

PT-2024-7079 · Siemens · Simatic Cp 1242-7 V2 +11

Name of the Vulnerable Software and Affected Versions: SIMATIC CP 1242-7 V2 incl. SIPLUS variants versions prior to V3.5.20 SIMATIC CP 1243-1 incl. SIPLUS variants versions prior to V3.5.20 SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants versions prior to V3.5.20 SIMATIC CP 1243-1 IEC incl. SIPLUS...

8.2CVSS7AI score0.00401EPSS

Exploits0References6

OSV•added 2024/08/23 11:8 a.m.•1 views

OESA-2024-2059 golang security update

. Security Fixes: The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the...

OSV•added 2024/08/16 11:8 a.m.•1 views

OESA-2024-1979 golang security update

OSV•added 2024/08/16 11:8 a.m.•1 views

OESA-2024-1980 golang security update

OSV•added 2024/08/16 11:8 a.m.•1 views

OESA-2024-1978 golang security update

OSV•added 2024/08/09 11:8 a.m.•1 views

OESA-2024-1952 golang security update

Amazon•added 2024/07/22 12:0 a.m.•1 views

Medium: golang

Issue Overview: The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the...

7.5CVSS6.8AI score0.01018EPSS

Exploits0

Amazon•added 2024/07/22 12:0 a.m.•1 views

Medium: golang

7.5CVSS7.2AI score0.01018EPSS

Exploits0

SUSE CVE•added 2024/07/03 3:38 a.m.•0 views

SUSE CVE-2024-24791

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail...

6.5CVSS7.1AI score0.01018EPSS

Exploits0References22

OSV•added 2024/07/02 10:15 p.m.•0 views

AZL-78960 CVE-2024-24791 affecting package golang 1.25.7-1