Lucene search
K

1975 matches found

Debian CVE
Debian CVE
added 2026/04/28 11:46 p.m.4 views

CVE-2026-40560

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

7.5CVSS5.3AI score0.00487EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.15 views

PT-2026-35863

Name of the Vulnerable Software and Affected Versions Starman versions prior to 0.4018 Description Improper header precedence allows HTTP Request Smuggling. The software incorrectly prioritizes the Content-Length header over Transfer-Encoding: chunked when both are present in an HTTP request, whi...

7.5CVSS5.8AI score0.00487EPSS
Exploits0References19
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/22 12:0 a.m.11 views

actix-http has HTTP/1.1 CL.TE Request Smuggling

A vulnerability in actix-http's HTTP/1.1 request parser allows an unauthenticated remote client to smuggle requests in deployments where a front-end HTTP intermediary and the Actix backend disagree about whether Content-Length or Transfer-Encoding: chunked defines the request body length...

5.8AI score
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/21 3:32 p.m.8 views

EUVD-2025-209541

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...

3.7CVSS5.8AI score0.00177EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/21 1:59 p.m.3 views

CVE-2025-31958

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...

3.7CVSS5.8AI score0.00177EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/21 1:59 p.m.32 views

CVE-2025-31958 HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...

3.7CVSS0.00177EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 1:59 p.m.11 views

CVE-2025-31958

HCL BigFix Service Management is reported vulnerable to HTTP Request Smuggling. The connected sources describe HTTP request smuggling as an issue arising when front-end and back-end servers parse requests inconsistently, enabling bypass of security controls and potentially enabling cache poisonin...

8.2CVSS5.8AI score0.00177EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.12 views

PT-2026-33976

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...

3.7CVSS5.8AI score0.00177EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.15 views

PT-2026-46944

Name of the Vulnerable Software and Affected Versions X.Org X server affected versions not specified Xwayland affected versions not specified Description An out-of-bounds write flaw exists in the X.Org X server and Xwayland within the DRIGetBuffers and DRIGetBuffersWithFormat functions. A client...

7.8CVSS5.3AI score0.00165EPSS
Exploits0References75
EUVD
EUVD
added 2026/04/17 9:31 p.m.9 views

EUVD-2026-23480

Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment...

5.3CVSS5.8AI score0.00249EPSS
Exploits0References4
NVD
NVD
added 2026/04/17 8:16 p.m.7 views

CVE-2026-33093

Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment...

5.3CVSS0.00249EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/17 7:17 p.m.8 views

CVE-2026-33093 Anviz Products Missing Authorization

Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment...

5.3CVSS5.8AI score0.00249EPSS
Exploits0References3
CVE
CVE
added 2026/04/17 7:17 p.m.16 views

CVE-2026-33093

CVE-2026-33093 — Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that triggers the front-facing camera to capture a photo, exposing visible information about the deployment environment. Affected product: Anviz CX7 Firmware. Reported impact: confidentiality loss (low) wit...

5.3CVSS5.8AI score0.00249EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/17 7:17 p.m.4 views

CVE-2026-33093

Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment...

5.3CVSS5.8AI score0.00249EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/17 7:17 p.m.28 views

CVE-2026-33093 Anviz Products Missing Authorization

Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment...

5.3CVSS0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.6 views

PT-2026-33481

CVE-2026-33093 Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the … https://t.co/qyxdCA6QG6...

5.3CVSS5.8AI score0.00249EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.13 views

Anviz CX7 安全漏洞

The Anviz CX7 is an intelligent terminal device from the American company Anviz, featuring integrated biometrics and access control functions. The Anviz CX7 firmware contains a security vulnerability. This vulnerability stems from unverified POST requests that can capture photos taken by the...

5.3CVSS5.8AI score0.00249EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/31 10:55 a.m.5 views

Malicious Package

Overview autoshipment-public-front is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/28 10:54 a.m.4 views

Malicious code in autoshipment-public-front (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e88d7d57a4db4ac2a1f359905f9bff3aba5176c373833890d1f58befc32b4d8 The package autoshipment-public-front was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/03/28 10:54 a.m.5 views

MAL-2026-2274 Malicious code in autoshipment-public-front (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e88d7d57a4db4ac2a1f359905f9bff3aba5176c373833890d1f58befc32b4d8 The package autoshipment-public-front was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
Rows per page
Query Builder