Lucene search
K

35859 matches found

CVE
CVE
•added yesterday•34 views

CVE-2026-47737

CVE-2026-47737 affects the Puma Ruby/Rack web server. From 5.5.0 up to 7.2.1 and 8.0.2, it is vulnerable to source IP spoofing when set_remote_address proxy_protocol: :v1 is enabled and persistent connections are used. Puma re-parses PROXY protocol headers after each keep-alive on the same connec...

7.5CVSS6.1AI score0.00015EPSS
Exploits0References7
CVE
CVE
•added yesterday•24 views

CVE-2026-47212

Symfony’s Twilio Notifier Bridge contains a vulnerability in TwilioRequestParser::doParse() where the configured webhook secret is read but the X-Twilio-Signature verification is ignored, allowing unauthenticated POSTs to inject forged Twilio status payloads. Affected releases: Symfony before 6.4...

6.9CVSS6.1AI score0.00026EPSS
Exploits0References5
CVE
CVE
•added yesterday•12 views

CVE-2026-45755

The CVE-2026-45755 issue affects Symfony’s Mailtrap Mailer Bridge (package symfony/mailtrap-mailer). The MailtrapRequestParser::doParse() method accepts the webhook payload using a configured secret but does not verify the X-Mt-Signature HMAC header, allowing unauthenticated POST requests to forg...

6.9CVSS6.1AI score0.00026EPSS
Exploits0References4
CVE
CVE
•added yesterday•39 views

CVE-2026-45070

This CVE concerns Symfony's Mime ParameterizedHeader: parameter names are emitted verbatim in serialized headers, allowing CRLF or non-token bytes to be injected via untrusted input. Affected component: Symfony\Component\Mime\Header\ParameterizedHeader (and related Headers). Root cause: names are...

6.3CVSS6.1AI score0.00056EPSS
Exploits0References6
CVE
CVE
•added yesterday•14 views

CVE-2026-45074

Symfony’s Cas2Handler derives the CAS service URL from Request::getSchemeAndHttpHost(), which uses the Host header when framework.trusted_hosts is not configured. An attacker controlling another app registered with the same CAS server can replay a victim’s CAS ticket and authenticate as that vict...

7.6CVSS6.1AI score0.00064EPSS
Exploits0References4
CVE
CVE
•added yesterday•87 views

CVE-2026-45067

The CVE affects Symfony MIME Address: the constructor previously accepted local-parts like "x\r\nBcc: attacker@evil" which could be emitted into message headers and SMTP commands (MAIL FROM/RCPT), enabling CRLF injection. The issue’s root cause is acceptance of line breaks in quoted local-parts; ...

6.3CVSS6.1AI score0.00062EPSS
Exploits0References6
CVE
CVE
•added yesterday•8 views

CVE-2025-62826

An Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting' vulnerability CWE-113 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all...

4.3CVSS6.2AI score
Exploits0References1Affected Software2
CVE
CVE
•added yesterday•4 views

CVE-2025-62675

An Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting' vulnerability CWE-113 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all...

4.3CVSS6.2AI score
Exploits0References1Affected Software2
Cvelist
Cvelist
•added yesterday•10 views

CVE-2026-56451

A vulnerability has been identified in Opcenter X All versions V2604. Affected applications do not properly validate the algorithm specified in the JSON Web Token JWT header. This could allow an unauthenticated remote attacker to forge arbitrary JWT, bypass authentication mechanisms and impersona...

10CVSS0.00384EPSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•10 views

CVE-2026-6790

In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority host and port matches what provided in the Host header if present. This was not enforced in earlier HTTP RFC for example, in RFC 2616, but it is in the latest RFC 9110 and 9112. This...

5.3CVSS0.00196EPSS
Exploits0References1
EUVD
EUVD
•added yesterday•5 views

EUVD-2026-43646

In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority host and port matches what provided in the Host header if present. This was not enforced in earlier HTTP RFC for example, in RFC 2616, but it is in the latest RFC 9110 and 9112. This...

5.3CVSS6.1AI score0.00196EPSS
Exploits0References1
CVE
CVE
•added yesterday•6 views

CVE-2026-6790

In Eclipse Jetty, HTTP/1 requests to HTTP/1.3 (HTTP/2/3 included) do not enforce that the request authority (host and port) matches the Host header when present. This mismatch can affect URI redirects, virtual host selection, reverse proxying, and logs. The issue is described across CVE sources (...

5.3CVSS6.1AI score0.00196EPSS
Exploits0References1Affected Software1
CVE
CVE
•added yesterday•8 views

CVE-2026-59246

The CVE concerns elixir-mint mint: an unbounded chain of zero-length HTTP/2 CONTINUATION frames can bypass the header-block size cap in Mint.HTTP2.handle_continuation/3, causing unbounded memory growth on the client and eventual out-of-memory termination. The vulnerability arises because each CON...

6.3CVSS6.2AI score0.00305EPSS
Exploits0References4
EUVD
EUVD
•added yesterday•5 views

EUVD-2026-43643

Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP/2 server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP2.handlecontinuation/3 function in lib/mint/http2.ex accumulates the header-block fragment carried by each HTTP/2...

6.3CVSS6.2AI score0.00305EPSS
Exploits0References4
Cvelist
Cvelist
•added yesterday•10 views

CVE-2026-59246 Zero-length HTTP/2 CONTINUATION frames bypass Mint's header-block byte-size cap and exhaust client memory

Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP/2 server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP2.handlecontinuation/3 function in lib/mint/http2.ex accumulates the header-block fragment carried by each HTTP/2...

6.3CVSS0.00305EPSS
Exploits0References4
OSV
OSV
•added yesterday•3 views

EEF-CVE-2026-58229 Unbounded HTTP/1 response-header and chunked-trailer accumulation in Mint causes memory-exhaustion DoS

Summary Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP1.decode\headers/5 and Mint.HTTP1.decode\trailer\headers/4 functions in lib/mint/http1.ex accumulate every...

8.2CVSS6.2AI score0.00305EPSS
Exploits0References4
CVE
CVE
•added yesterday•7 views

CVE-2026-58229

The CVE-2026-58229 issue affects the Elixir Mint HTTP client. Mint.HTTP1.decode_headers/5 and Mint.HTTP1.decode_trailer_headers/4 accumulate all parsed response headers and trailer fields into a request.headers_buffer without a cap, and decoding uses unlimited per-line/packet limits. A malicious ...

8.2CVSS6.2AI score0.00305EPSS
Exploits0References4
EUVD
EUVD
•added yesterday•5 views

EUVD-2026-43642

Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP1.decodeheaders/5 and Mint.HTTP1.decodetrailerheaders/4 functions in lib/mint/http1.ex accumulate every parsed...

8.2CVSS6.2AI score0.00305EPSS
Exploits0References4
Cvelist
Cvelist
•added yesterday•9 views

CVE-2026-58229 Unbounded HTTP/1 response-header and chunked-trailer accumulation in Mint causes memory-exhaustion DoS

Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP1.decodeheaders/5 and Mint.HTTP1.decodetrailerheaders/4 functions in lib/mint/http1.ex accumulate every parsed...

8.2CVSS0.00305EPSS
Exploits0References4
CVE
CVE
•added yesterday•6 views

CVE-2026-12606

CVE-2026-12606 affects Eclipse Grizzly prior to 5.0.2. The issue is in parsing the trailer section of malformed trailer headers, which can be exploited to perform HTTP request smuggling. Affected component: Grizzly HTTP parsing logic. Root cause: improper handling of trailer headers in malformed ...

6.3CVSS6.1AI score0.00267EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder