Lucene search
K

174 matches found

RedHat Linux
RedHat Linux
added 2026/07/02 2:52 p.m.7 views

kernel: netfilter: nft_inner: Fix IPv6 inner_thoff desync

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nftinner module. This vulnerability arises from an incorrect handling of IPv6 inner packet processing, where the transport header offset innerthoff becomes desynchronized from the Layer 4 protocol l4proto. A remot...

9.1CVSS5.8AI score0.00322EPSS
Exploits0References5
OSV
OSV
added 2026/06/24 9:1 a.m.3 views

SUSE-SU-2026:2612-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues Security issues: - CVE-2026-39821: Update golang.org/x/net/idna dependency bsc1266603. - CVE-2026-39827: Update golang.org/x/crypto dependency bsc1266171. - CVE-2026-39828: Update golang.org/x/crypto dependency bsc1266171. -...

10CVSS6.9AI score0.91969EPSS
Exploits4References38
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.8 views

Amazon Linux 2 : golist, --advisory ALAS2-2026-3382 (ALAS-2026-3382)

The version of golist installed on the remote host is prior to 0.10.1-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3382 advisory. x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN...

7.5CVSS6.3AI score0.00939EPSS
Exploits0References8
Snyk
Snyk
added 2026/06/16 5:36 p.m.6 views

HTTP Request Smuggling

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to HTTP Request Smuggling via improper validation of the Host header in the request scope. An attacker can gain unauthorized access to API endpoints by...

9.1CVSS5.9AI score0.01014EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/04 2:34 p.m.11 views

EUVD-2026-34287

LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

5.4CVSS5.8AI score0.00202EPSS
Exploits0References2
CVE
CVE
added 2026/06/03 1:16 p.m.48 views

CVE-2026-48587

CVE-2026-48587 affects Django 5.2 before 5.2.15 and 6.0 before 6.0.6. The flaw in django.utils.cache.has_vary_header() does not strip leading/trailing whitespace from the Vary header before comparison, enabling remote attackers to read cached responses by requesting URLs whose responses contain w...

5.3CVSS5.8AI score0.00354EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-45940

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: stmmac: fix oops when split header is enabled For GMAC4, when split header is enabled, in some rare cases, the hardware does not fill buf2 of the first...

5.5CVSS6AI score0.00153EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.14 views

PT-2026-36293

Name of the Vulnerable Software and Affected Versions Totolink NR1800X version 9.1.0u.6279 B20210910 Description A stack-based buffer overflow exists in the lighttpd component. This issue occurs when the find host ip function improperly handles the Host argument, allowing a remote attacker to...

10CVSS7.7AI score0.00754EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013203)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013203 advisory. In the Linux kernel, the following vulnerability has been resolved: net: add vlangetprotocolanddepth helper Before blamed commit, pskbmaypull was used instead of...

5.5CVSS5.7AI score0.00136EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2026/04/17 12:23 a.m.11 views

USN-8182-1: Rack vulnerabilities

Andrew Lacambra discovered that Rack did not properly parse certain regular expressions. An attacker could possibly use this issue to bypass network security filters. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. CVE-2026-26961 William T. Nelson...

7.5CVSS5.9AI score0.00475EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.5 views

SUSE SLES15 Security Update : nodejs20 (SUSE-SU-2026:1371-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1371-1 advisory. Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism...

7.5CVSS7AI score0.26356EPSS
Exploits0References22
OSV
OSV
added 2026/04/15 12:0 a.m.15 views

ALSA-2026:8339 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophi...

8.7CVSS6.9AI score0.26356EPSS
Exploits2References10
SUSE CVE
SUSE CVE
added 2026/04/14 8:43 a.m.7 views

SUSE CVE-2026-1502

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

4.9CVSS5.8AI score0.00562EPSS
Exploits0References14
Amazon
Amazon
added 2026/04/13 12:0 a.m.7 views

Important: nodejs22

Issue Overview: A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called ...

7.5CVSS7.1AI score0.26356EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/03 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-34525

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This iss...

6.3CVSS5.4AI score0.00288EPSS
Exploits0References3
OSV
OSV
added 2026/04/01 9:17 p.m.9 views

UBUNTU-CVE-2026-34525

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...

6.3CVSS5.7AI score0.00288EPSS
Exploits0References6
CVE
CVE
added 2026/04/01 8:28 p.m.35 views

CVE-2026-34525

AIOHTTP (async HTTP client/server for asyncio and Python) before version 3.13.4 allowed multiple Host headers due to its header handling. This issue has been fixed in version 3.13.4. Affected component: Host header processing in aiohttp prior to 3.13.4. Remediation: upgrade to 3.13.4 or later. Ex...

6.3CVSS5.8AI score0.00288EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/04/01 8:15 p.m.6 views

CVE-2026-34518

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

6.9CVSS5.2AI score0.00337EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/03/31 9:11 a.m.11 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

6CVSS5.8AI score0.0056EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.6 views

RHEL 8 : python3 (RHSA-2026:6008)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6008 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

6CVSS6AI score0.0056EPSS
Exploits0References9
Rows per page
Query Builder