Lucene search
K

200 matches found

CVE
CVE
added 5 days ago8 views

CVE-2026-59897

CVE-2026-59897 affects Hono: API Gateway v1 adapter (versions prior to 4.12.27). The AWS API Gateway v1 adapter drops a distinct repeated request header value due to de-duplication by substring comparison instead of exact match, which can cause incomplete data in headers like X-Forwarded-For. Thi...

5.3CVSS6AI score0.00126EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/07/01 4:59 p.m.35 views

CVE-2026-49088 Insertion of Sensitive Information into Log File in Kibana Leading to Information Disclosure

Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to information disclosure. When the optional application performance monitoring APM instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to...

4.4CVSS0.00211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:59 p.m.6 views

CVE-2026-49088

Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to information disclosure. When the optional application performance monitoring APM instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to...

4.4CVSS5.7AI score0.00211EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/25 7:16 p.m.8 views

CVE-2026-28898

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values :path, :authority, :scheme, :method, and :status at both the HPACK...

5.3CVSS0.00192EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 6:36 p.m.17 views

CVE-2026-28898

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values :path, :authority, :scheme, :method, and :status at both the HPACK...

0.00192EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 6:36 p.m.6 views

CVE-2026-28898

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values :path, :authority, :scheme, :method, and :status at both the HPACK...

5.3CVSS5.8AI score0.00192EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 6:36 p.m.6 views

EUVD-2026-39533

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values :path, :authority, :scheme, :method, and :status at both the HPACK...

5.3CVSS5.8AI score0.00192EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/18 3:4 p.m.8 views

Kirby: Request header injection in `Http\Remote`

TL;DR This vulnerability affects Kirby sites and plugins that use the Kirby\Http\Remote class including Remote::request, Remote::get, Remote::post, and similar helpers to send outgoing HTTP requests and that pass untrusted, user-controlled data into the headers option of such a request. By...

6.9CVSS5.9AI score0.0029EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/12 3:8 p.m.14 views

SwiftNIO HTTP/2: HTTP/2-to-HTTP/1 Request Smuggling via unvalidated :path pseudo-header in HTTP2ToHTTP1Codec

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec HTTP2FramePayloadToHTTP1ServerCodec / HTTP2ToHTTP1ServerCodec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. A remote attacker could send an HTTP/2 request containing CR \r, LF \n, o...

5.3CVSS5.5AI score0.00192EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/12 12:0 a.m.13 views

SwiftNIO HTTP/2: HTTP/2-to-HTTP/1 Request Smuggling via unvalidated :path pseudo-header in HTTP2ToHTTP1Codec

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec HTTP2FramePayloadToHTTP1ServerCodec / HTTP2ToHTTP1ServerCodec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. A remote attacker could send an HTTP/2 request containing CR \r, LF \n, o...

5.3CVSS5.4AI score0.00192EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/06/10 1:13 a.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the DelegatingDeserializer function. An attacker can exhaust system memory by sending records with unique, random spring.kafka.serialization.selector header values, leading to...

7.1CVSS5.3AI score0.00289EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 12:31 a.m.15 views

EUVD-2026-35903

When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions: Spring for Apache Kafka 4.0.0...

6.5CVSS5.5AI score0.00289EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/10 12:31 a.m.36 views

In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header

When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions: Spring for Apache Kafka 4.0.0...

6.5CVSS5.2AI score0.00289EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/06/10 12:16 a.m.12 views

CVE-2026-41726

When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions: Spring for Apache Kafka 4.0.0...

6.5CVSS0.00289EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

VMware Spring for Apache Kafka 输入验证错误漏洞

VMware Spring for Apache Kafka is a Kafka messaging integration framework developed by VMware, Inc. Versions of Spring for Apache Kafka such as 4.0.0 and earlier, 3.3.0 and earlier, 3.2.0 and earlier, 2.9.0 and earlier, and 2.8.0 and earlier have a input validation vulnerability. This vulnerabili...

6.5CVSS5.4AI score0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 11:48 p.m.40 views

CVE-2026-41726 In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header

When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions: Spring for Apache Kafka 4.0.0...

6.5CVSS0.00289EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 p.m.9 views

CVE-2026-41726 In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header

When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions: Spring for Apache Kafka 4.0.0...

6.5CVSS5.4AI score0.00289EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.12 views

Amazon Linux 2023 : perl-HTTP-Tiny, perl-HTTP-Tiny-tests (ALAS2023-2026-1765)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1765 advisory. HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that...

6.5CVSS5.6AI score0.00227EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-42249

Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers without validation. These...

9.8CVSS6.6AI score0.00625EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 1:13 p.m.11 views

CVE-2026-41293

Apache Tomcat did not validate HTTP/2 request headers, triggering unexpected application behavior, as applications may presume that header values exposed through the Servlet API would be valid...

9.8CVSS5.4AI score0.01339EPSS
Exploits0References4
Rows per page
Query Builder