Lucene search
+L

106 matches found

nessus
nessus
added 6 days ago7 views

RockyLinux 9 : gstreamer1-plugins-ugly-free (RLSA-2026:36674)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:36674 advisory. gstreamer1-plugins-ugly-free: GStreamer: Out-of-bounds read in RealMedia demuxer audio stream header parser CVE-2026-53703 gstreamer1-plugins-ugly-free:...

7.1CVSS6.2AI score0.00228EPSS
Exploits0References5
cvelist
cvelist
added last week30 views

CVE-2026-15274 lo48576 fbxcel Node Header parser.rs denial of service

A vulnerability was detected in lo48576 fbxcel up to 0.9.0. This affects an unknown part of the file src/pullparser/v7400/parser.rs of the component Node Header Handler. The manipulation results in denial of service. The attack must be initiated from a local position. The exploit is now public an...

4.8CVSS0.0012EPSS
Exploits0References7
github
github
added 2026/05/27 12:37 a.m.21 views

@hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters

Impact The two parsers resolved duplicates inconsistently and silently: - Content.disposition retained the last occurrence of each parameter. - Content.type retained the first occurrence of charset and boundary. Either behavior creates a parameter-smuggling primitive when another component in the...

5.7AI score0.00052EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2026/05/25 2:0 p.m.9 views

CVE-2026-47066 Infinite loop in Alt-Svc header parser in hackney

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackneyaltsvc.erl does not guarantee forward progress. When parsetoken/2 receives a non-token, non-whitespace, non-comma byte e.g. !, @, =, ...

8.7CVSS6AI score0.00703EPSS
Exploits1References4
cnnvd
cnnvd
added 2026/05/25 12:0 a.m.13 views

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions 2.0.0-beta.1 through prior to 4.0.1, which stems from the Alt-Svc response header parser's inability to guarantee forward progress, potentially leading to infinite loops and CPU exhaustion...

8.7CVSS5.8AI score0.00703EPSS
Exploits1References4
redhatcve
redhatcve
added 2026/02/21 1:30 a.m.6 views

CVE-2026-26282

NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, NanaZip has an out-of-bounds heap read in .NET Single File bundle header parser due to missing bounds check. Opening a crafted file with NanaZip causes a crash or leaks heap data to the user...

6.6CVSS5.6AI score0.00172EPSS
Exploits1References1
cve
cve
added 2026/02/19 8:41 p.m.15 views

CVE-2026-26282

NanaZip (open source file archiver) is affected by CVE-2026-26282: an out-of-bounds heap read in the .NET Single File bundle header parser due to a missing bounds check. Affected versions are 5.0.1252.0 through prior to 6.0.1630.0; upgrading to 6.0.1630.0 patches the issue. Exploitation would req...

6.6CVSS5.6AI score0.00172EPSS
Exploits1References2Affected Software1
cnnvd
cnnvd
added 2026/02/19 12:0 a.m.9 views

NanaZip 安全漏洞

NanaZip is a compression software open source by the M2-Team. Versions of NanaZip prior to 6.0.1630.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of boundary checks in the.NET Single File bundling header parser, which could lead to out-of-bounds heap access...

6.6CVSS5.8AI score0.00172EPSS
Exploits1References2
redhat
redhat
added 2026/02/10 8:28 p.m.3 views

php: Header parser of http stream wrapper does not handle folded headers

A flaw was found in PHP. This vulnerability allows misinterpretation of HTTP response headers, potentially leading to incorrect usage of headers, MIME types, and other response attributes via incorrect parsing of folded headers in the HTTP request module...

6.3CVSS5.8AI score0.00547EPSS
Exploits1References5
osv
osv
added 2026/01/29 8:16 p.m.8 views

AZL-76367 CVE-2025-63656 affecting package fluent-bit 3.1.10-4

An out-of-bounds read in the headercmp function mkserver/mkhttpparser.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

7.5CVSS5.8AI score0.01043EPSS
Exploits1References1
nessus
nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : squid:4 (AXSA:2024-7632:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7632:01 advisory. squid: denial of service in HTTP header parser CVE-2024-25617 squid: Denial of Service in HTTP Chunked Decoding CVE-2024-25111 squid: denial of...

8.6CVSS5.7AI score0.88864EPSS
Exploits0References4
nessus
nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : squid-5.5-6.el9_3.8 (AXSA:2024-7624:02)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7624:02 advisory. squid: denial of service in HTTP header parser CVE-2024-25617 squid: Denial of Service in HTTP Chunked Decoding CVE-2024-25111 squid: denial of...

8.6CVSS5.7AI score0.88864EPSS
Exploits0References4
nessus
nessus
added 2026/01/13 12:0 a.m.5 views

MiracleLinux 9 : php:8.2 (AXSA:2025-10480:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10480:01 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with...

9.8CVSS7.6AI score0.02286EPSS
Exploits5References9
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-14681

Malware in sbrugna...

9.8CVSS9.3AI score0.03687EPSS
Exploits1References2
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-4504

Malware in sbrugna...

9.8CVSS9.2AI score0.03354EPSS
Exploits0References13
osv
osv
added 2025/10/04 12:11 a.m.13 views

RLSA-2025:7431 Moderate: php security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Header parser of http stream wrapper does not handle folded headers CVE-2025-1217 php: Stream HTTP wrapper header check might omit basic auth header CVE-2025-1736 php: Streams HTTP wrapper...

5.3CVSS5.7AI score0.00821EPSS
Exploits2References6
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-2759

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.0719EPSS
Exploits1References21
nessus
nessus
added 2025/09/29 12:0 a.m.9 views

AlmaLinux 8 : php:8.2 (ALSA-2025:15687)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:15687 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-deco...

9.8CVSS7.6AI score0.02286EPSS
Exploits5References10
nessus
nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2018-6548

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame would not be changed...

9.8CVSS8.3AI score0.01387EPSS
Exploits1References2
nessus
nessus
added 2025/07/30 12:0 a.m.10 views

RockyLinux 9 : php:8.2 (RLSA-2025:7432)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:7432 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-deco...

9.8CVSS7.6AI score0.02286EPSS
Exploits5References17
Rows per page
Query Builder