Lucene search
+L

245 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2026/01/21 12:0 a.m.11 views

Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash

A denial-of-service vulnerability due to improper input validation allows a remote attacker to crash the service via a malformed HTTP header. Allows crashing the process with data coming from the network when used with, for example, an HTTP server. Most common way of using Swift W3C Trace Context...

5.3CVSS5.6AI score0.00392EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/20 9:26 p.m.4 views

CVE-2026-0865 wsgiref.headers.Headers allows header newline injection

User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9CVSS5.4AI score0.00463EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2026/01/09 10:48 a.m.11 views

CVE-2022-31746

Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS 102...

6.5CVSS6.3AI score0.00412EPSS
Exploits0References1
Amazon
Amazon
added 2026/01/05 12:0 a.m.8 views

Important: python-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can ...

7.5CVSS6.8AI score0.00403EPSS
Exploits0
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Advanced iFrame plugin <= 2024.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Host Header vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Host Header vulnerability discovered by omstaendlig in WordPress Plugin Advanced iFrame versions = 2024.5...

6.4CVSS5.9AI score0.00193EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2025/12/11 12:23 a.m.4 views

SUSE CVE-2025-66577

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can supply X-Forwarded-For or X-Real-IP headers which...

5.3CVSS6.8AI score0.0024EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/12/10 10:20 p.m.2 views

CVE-2025-67494

ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI V2 treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This...

9.3CVSS6.8AI score0.0046EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.9 views

cpp-httplib 安全漏洞

cpp-httplib is an HTTP/HTTPS server and client library written in C++ by the individual developer yhirose. A security vulnerability exists in cpp-httplib versions prior to 0.27.0, which stems from an attacker-controllable HTTP header that affects server-visible metadata, logging, and authorizatio...

10CVSS7.6AI score0.00307EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/10/31 12:0 a.m.11 views

PT-2025-44644

Name of the Vulnerable Software and Affected Versions Totolink LR350 version 9.3.5u.6369 B20220309 Description The software contains a stack overflow issue via the http host parameter in the sub 426EF8 function. A crafted request can cause a Denial of Service DoS. The vulnerable parameter is http...

9CVSS6.8AI score0.00376EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/10/29 12:0 a.m.3 views

PT-2025-44357

Name of the Vulnerable Software and Affected Versions Drupal Reverse Proxy Header versions prior to 1.1.2 Description An improper validation of consistency within input exists in Drupal Reverse Proxy Header, allowing manipulation of user-controlled variables. Recommendations Update to version 1.1...

5.3CVSS6.6AI score0.00276EPSS
Exploits0References6
Snyk
Snyk
added 2025/10/24 7:15 p.m.2 views

HTTP Request Smuggling

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to HTTP Request Smuggling via the CORS middleware, which copies the Vary header from the request to the response when the origin is not set to "". An attacker can influence cache behavior or...

6.9CVSS7AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/10 9:55 a.m.3 views

CVE-2025-52630 HCL AION is susceptible to Missing or insecure "X-Content-Type-Options" header vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0...

3.7CVSS6.5AI score0.00223EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2011-0528

Malware in sbrugna...

4.3CVSS6.4AI score0.0192EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-2831

Malware in sbrugna...

9.8CVSS9.2AI score0.01064EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2001-0803

Malware in sbrugna...

7.5CVSS6.4AI score0.06374EPSS
Exploits0References14
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2001-0517

Malware in sbrugna...

7.5CVSS6.4AI score0.01752EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2007-4961

Malware in sbrugna...

4.3CVSS6.4AI score0.04759EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-3819

Malware in sbrugna...

8.6CVSS8.8AI score0.06541EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-16776

Malware in sbrugna...

8.8CVSS8.6AI score0.52093EPSS
Exploits2References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2009-2995

Malware in sbrugna...

4.3CVSS6.4AI score0.00938EPSS
Exploits1References4
Rows per page
Query Builder