
10 matches found

NVD
added 2026/06/23 4:17 p.m. | 8 views

CVE-2026-55766

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request method, protocol version, and response reason phrase. If an application placed attacker-controlled dat...

CVSS 4.8 | EPSS 0.00158
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/17 12:0 a.m. | 13 views

PT-2026-50516

Name of the Vulnerable Software and Affected Versions: undici versions 6.x prior to 6.26.0; undici versions 7.0.0 through 7.27.x; undici versions 8.x prior to 8.5.0. Description: The cookie parser in the parseSetCookie function percent-decodes cookie values using qsUnescape, which converts encoded...

CVSS 5.9 | AI score 5.5 | EPSS 0.00257
Exploits: 0 | References: 80
RedhatCVE
added 2026/06/11 8:59 a.m. | 12 views

CVE-2026-44546

A flaw was found in daphne. This vulnerability arises from a parser differential where daphne reconstructs HTTP requests from Twisted's headers, but Twisted and autobahn handle certain header line separators differently. An attacker can exploit this to inject additional headers into the ASGI...

CVSS 5.3 | AI score 5.5 | EPSS 0.00172
Exploits: 0 | References: 4
NVD
added 2026/05/08 4:16 p.m. | 13 views

CVE-2026-41683

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware wrote user-controlled language values into the Content-Language response header after passing them through utils.escape, which ...

CVSS 8.6 | EPSS 0.00327
Exploits: 0 | References: 1
OSV
added 2026/04/02 8:31 p.m. | 5 views

GHSA-RX22-G9MX-QRHV Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values

Summary: Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename or name instead of removing the folded line break during unfolding. As a result,...

CVSS 4.8 | AI score 5.9 | EPSS 0.00227
Exploits: 0 | References: 4
OSV
added 2026/01/26 2:42 p.m. | 3 views

BIT-LIBPYTHON-2025-11468 Folding email comments of unfoldable characters doesn't preserve parenthesis

When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized...

CVSS 5.7 | AI score 5.9 | EPSS 0.0055
Exploits: 0 | References: 10
Positive Technologies
added 2025/12/09 12:0 a.m. | 5 views

PT-2025-50080

Name of the Vulnerable Software and Affected Versions: SNMP Web Pro version 1.1. Description: An unauthenticated directory traversal issue exists in the cgi-bin/upload.cgi component. The component concatenates user-supplied parameters directly onto a base path /var/www/files/userScript/ using memcpy...

CVSS 7.5 | AI score 6.8 | EPSS 0.00722
Exploits: 1 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2021-0065

Malware in sbrugna...

CVSS 6.1 | AI score 6.8 | EPSS 0.03146
Exploits: 0 | References: 19
Amazon
added 2025/02/25 12:0 a.m. | 30 views

Medium: python3

Issue Overview: The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. CVE-2024-11168 There ...

CVSS 7.5 | AI score 7.1 | EPSS 0.02303
Exploits: 1
CNNVD
added 2024/11/04 12:0 a.m. | 37 views

Refit injection vulnerability

Refit is a library in the ReactiveUI open source. Refit suffers from an injection vulnerability that stems from failing to check for CRLF characters in the header value, making it vulnerable to server-side request forgery attacks...

CVSS 10 | AI score 7 | EPSS 0.00535
Exploits: 0 | References: 3