Lucene search
+L

766 matches found

NVD
NVD
added 3 hours ago5 views

CVE-2026-63959

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm/tcpcimaxim: validate header NDO against RXBYTECNT A broken/malicious port can transmit a CRC-valid frame whose header advertises up to seven data objects but whose body carries fewer than that. Check for this, an...

Exploits0References5
CVE
CVE
added 5 hours ago5 views

CVE-2026-63959

The CVE-2026-63959 vulnerability affects the Linux kernel USB Type-C support (tcpm/tcpci_maxim). A broken/malicious USB-C port could transmit a CRC-valid frame where the header advertises up to seven data objects but the body carries fewer, causing the driver to read from uninitialized stack memo...

5.3AI score
Exploits0References5
Cvelist
Cvelist
added 5 hours ago3 views

CVE-2026-63959 usb: typec: tcpm/tcpci_maxim: validate header NDO against RX_BYTE_CNT

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm/tcpcimaxim: validate header NDO against RXBYTECNT A broken/malicious port can transmit a CRC-valid frame whose header advertises up to seven data objects but whose body carries fewer than that. Check for this, an...

Exploits0References5
CVE
CVE
added 5 hours ago3 views

CVE-2026-63902

The CVE-2026-63902 issue affects the Linux kernel USB-serial Cypress M8 driver. cypress_read_int_callback() parses the interrupt-in buffer for two Cypress packet formats (format 1: two-byte status/count header; format 2: one-byte combined header). The interrupt buffer is sized from the endpoint w...

5.6AI score
Exploits0References8
Cvelist
Cvelist
added 5 hours ago3 views

CVE-2026-63902 USB: serial: cypress_m8: validate interrupt packet headers

In the Linux kernel, the following vulnerability has been resolved: USB: serial: cypressm8: validate interrupt packet headers cypressreadintcallback parses the interrupt-in buffer according to the selected Cypress packet format. Format 1 has a two-byte status/count header and format 2 has a...

Exploits0References8
Nuclei
Nuclei
added 17 hours ago18 views

Astro SSR - Server-Side Request Forgery

Astro before 5.17.3 and @astrojs/node before 9.5.4 are vulnerable to full-read SSRF due to improper Host header validation in error page rendering, allowing attackers to redirect requests and access internal resources. id: CVE-2026-25545 info: name: Astro SSR - Server-Side Request Forgery author:...

8.6CVSS5.2AI score0.01414EPSS
Exploits1References3
Nuclei
Nuclei
added 17 hours ago63 views

Versa Concerto Actuator Endpoint - Authentication Bypass

An authentication bypass vulnerability affected the Spring Boot Actuator endpoints in Versa Concerto due to improper handling of the X-Real-Ip header.Attackers could access restricted endpoints by omitting this header.The issue allowed unauthorized access to sensitive functionality, highlighting...

9.2CVSS8.7AI score0.83479EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 20 hours ago3 views

PT-2026-61219

In the Linux kernel, the following vulnerability has been resolved: USB: serial: cypress m8: validate interrupt packet headers cypress read int callback parses the interrupt-in buffer according to the selected Cypress packet format. Format 1 has a two-byte status/count header and format 2 has a...

5.5AI score
Exploits0References9
Positive Technologies
Positive Technologies
added 20 hours ago5 views

PT-2026-61276

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm/tcpci maxim: validate header NDO against RX BYTE CNT A broken/malicious port can transmit a CRC-valid frame whose header advertises up to seven data objects but whose body carries fewer than that. Check for this,...

5.3AI score
Exploits0References6
NVD
NVD
added 2 days ago9 views

CVE-2024-23577

HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol. When an application doesn’t adequately validate or sanitize this header, it can lead to several security risks, including Host header...

4.3CVSS0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago34 views

CVE-2024-23577

HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol. When an application doesn’t adequately validate or sanitize this header, it can lead to several security risks, including Host header...

4.3CVSS0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago8 views

EUVD-2024-55668

HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol. When an application doesn’t adequately validate or sanitize this header, it can lead to several security risks, including Host header...

4.3CVSS5.6AI score0.00175EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago8 views

CVE-2024-23577

HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol. When an application doesn’t adequately validate or sanitize this header, it can lead to several security risks, including Host header...

4.3CVSS5.6AI score0.00175EPSS
Exploits0References2Affected Software1
OSV
OSV
added 4 days ago6 views

SUSE-SU-2026:3057-1 Security update for terraform-provider-susepubliccloud

This update for terraform-provider-susepubliccloud fixes the following issues - CVE-2022-41723: go1.19,go1.20: net/http2: quadratic complexity in HPACK decoding bsc1208300. - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header...

9.6CVSS7AI score0.04561EPSS
Exploits1References22
NVD
NVD
added 5 days ago7 views

CVE-2026-44745

SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results...

8.1CVSS0.00331EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-43585

SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results...

8.1CVSS6.1AI score0.00331EPSS
Exploits0References2
OSV
OSV
added 6 days ago5 views

SUSE-SU-2026:2888-1 Security update for the Linux Kernel (Live Patch 52 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.209 fixes various security issues The following security issues were fixed: - CVE-2026-23393: bridge: cfm: Fix race condition in peermep deletion bsc1260524. - CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of...

9.8CVSS6.6AI score0.00563EPSS
Exploits8References41
OSV
OSV
added 2026/07/10 6:1 p.m.3 views

GHSA-489G-7RXV-6C8Q MCP Atlassian: DNS-rebinding TOCTOU bypass of the SSRF fix (CVE-2026-27826)

Summary GHSA-7r34-79r5-rcc9's fix added validateurlforssrf, which resolves the attacker-controlled X-Atlassian-Jira,Confluence-Url header host once at middleware time and trusts the result. But the outbound request is later built with the raw hostname and re-resolves at connect time with no IP...

6.5CVSS6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/06 3:27 p.m.5 views

BIT-PYTHON-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7CVSS5.7AI score0.00562EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.25 views

CVE-2026-56230 Capgo - Broken Object Level Authorization via x-limited-key-id Header

Capgo before 12.128.2 contains a broken object level authorization vulnerability in middlewareKey that accepts the client-controlled x-limited-key-id header without validating ownership, allowing authenticated users to adopt cross-tenant limited keys. Attackers can supply another tenant's limited...

8.8CVSS0.00322EPSS
Exploits0References2
Rows per page
Query Builder