
34 matches found

Positive Technologies
added 2026/06/17 12:0 a.m. | 13 views

PT-2026-50516

Name of the Vulnerable Software and Affected Versions: undici versions 6.x prior to 6.26.0; undici versions 7.0.0 through 7.27.x; undici versions 8.x prior to 8.5.0. Description: The cookie parser in the parseSetCookie function percent-decodes cookie values using qsUnescape, which converts encoded...

5.9 CVSS | 5.5 AI score | 0.00257 EPSS
Exploits: 0 | References: 80

OSV
added 2026/05/22 7:14 a.m. | 5 views

CLSA-2026-1779434064 libdnf: Fix of CVE-2021-3445

CVE-2021-3445: fix signature verification bypass via signature placed in the main RPM header...

7.5 CVSS | 7.3 AI score | 0.01117 EPSS
Exploits: 0 | References: 1

RedHat Linux
added 2026/05/19 1:33 p.m. | 9 views

cpython: wsgiref.headers.Headers allows header newline injection in Python

Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9 CVSS | 7 AI score | 0.00463 EPSS
Exploits: 0 | References: 7

GithubExploit
added 2026/04/30 10:58 a.m. | 95 views

metasploit-web-scanner-module

MSF Web Vulnerability Scanner Advanced Advanced Metasploit au...

5.4 AI score
Exploits: 0

GitLab Advisory Database
added 2026/03/18 12:0 a.m. | 9 views

HAPI FHIR HTTP authentication leak in redirects

When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...

8.2 CVSS | 5.9 AI score | 0.00264 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2026/01/09 9:53 a.m. | 9 views

CVE-2020-10376

Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header...

9.8 CVSS | 7.2 AI score | 0.01064 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:51 a.m. | 7 views

CVE-2020-10436

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/my-profile.php by adding a question mark ? followed by the payload...

4.8 CVSS | 6.1 AI score | 0.00611 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:29 a.m. | 8 views

CVE-2023-50324

IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details the X-AspNet-Version Response Header that could allow an attacker to obtain information of the application environment to conduct further attacks. IBM X-Force ID: 275038...

5.3 CVSS | 6.1 AI score | 0.00434 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2017-5704

Malware in sbrugna...

6.1 CVSS | 6.3 AI score | 0.00635 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-17262

Malware in sbrugna...

7.5 CVSS | 7.6 AI score | 0.0158 EPSS
Exploits: 1 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2011-3389

Malware in sbrugna...

4.3 CVSS | 6.1 AI score | 0.01821 EPSS
Exploits: 1 | References: 10

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-21880

Malware in sbrugna...

5 CVSS | 4.9 AI score | 0.00929 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2021-2219

Malware in sbrugna...

5.3 CVSS | 5.2 AI score | 0.02662 EPSS
Exploits: 0 | References: 9

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-34239

Malicious code in bioql PyPI...

6.1 CVSS | 6.4 AI score | 0.00432 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2025/06/30 12:0 a.m. | 3 views

EulerOS 2.0 SP13 : golang (EulerOS-SA-2025-1687)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A certificate with a URI which has an IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate...

6.1 CVSS | 6.5 AI score | 0.00647 EPSS
Exploits: 0 | References: 3

Hacker One
added 2025/06/06 1:26 a.m. | 10 views

curl: Failure to strip Proxy-Authorization header on change in origin

Summary: Failure to strip Proxy-Authorization header on change in origin. AI was not used. I maintain the PHP Guzzle HTTP package which uses curl, and noticed we have the same issue as curl in this regard. I was made aware of this issue when golang patched something similar a few hours ago:...

6.8 CVSS | 8.6 AI score | 0.0056 EPSS
Exploits: 0

RedhatCVE
added 2025/05/23 9:31 a.m. | 8 views

CVE-2024-26267

In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property http.header.version.verbosity is set to full, which allows remote...

5.3 CVSS | 7.2 AI score | 0.00527 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2025/05/07 12:0 a.m. | 9 views

Azure Linux 3.0 Security Update: libsoup (CVE-2025-46421)

The version of libsoup installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-46421 advisory. - A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP...

6.8 CVSS | 6.9 AI score | 0.00478 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/01/13 12:0 a.m. | 13 views

EulerOS 2.0 SP10 : python-urllib3 (EulerOS-SA-2025-1030)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization...

6.5 CVSS | 6.8 AI score | 0.01141 EPSS
Exploits: 1 | References: 2

Veracode
added 2025/01/02 12:3 p.m. | 11 views

Header Injection

Traefik is vulnerable to Header Injection. The vulnerability is due to improper validation of the X-Forwarded-Prefix header, allowing it to be provided from an untrusted source...

6.3 CVSS | 7 AI score | 0.00389 EPSS
Exploits: 0 | References: 5 | Affected Software: 1