Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

34118 matches found

ATTACKERKB
ATTACKERKBadded 2026/04/07 5:7 p.m.0 views

CVE-2026-35572

ChurchCRM is an open-source church management system. Prior to 6.5.3, it is possible to trigger server-side HTTP/HTTPS requests to arbitrary hosts SSRF by supplying a crafted URL in the Referer request header. The server subsequently makes an outbound request to the attacker-controlled domain,...

7CVSS6AI score0.00064EPSS
Exploits1References2Affected Software1
EUVD
EUVDadded 2026/04/07 5:7 p.m.1 views

EUVD-2026-19770

ChurchCRM is an open-source church management system. Prior to 6.5.3, it is possible to trigger server-side HTTP/HTTPS requests to arbitrary hosts SSRF by supplying a crafted URL in the Referer request header. The server subsequently makes an outbound request to the attacker-controlled domain,...

7CVSS6AI score0.00064EPSS
Exploits1References1
CVE
CVEadded 2026/04/07 5:7 p.m.6 views

CVE-2026-35572

CVE-2026-35572 affects ChurchCRM (prior to version 6.5.3). An SSRF flaw can be triggered by supplying a crafted URL in the Referer header, causing the server to initiate outbound HTTP/HTTPS requests to arbitrary hosts. The attack is confirmed via OAST, and remediation is to upgrade to 6.5.3, whic...

7CVSS6AI score0.00064EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVEadded 2026/04/07 5:3 p.m.5 views

CVE-2026-34975

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0, a CRLF header injection vulnerability was discovered in SESService.ts, where user-supplied values for from.name, subject, custom header keys/values, and attachment filenames were interpolated directly into raw MIME...

8.5CVSS6.1AI score0.00049EPSS
Exploits2References1
RedhatCVE
RedhatCVEadded 2026/04/07 5:3 p.m.2 views

CVE-2026-35042

fast-jwt provides fast JSON Web Token JWT implementation. In 6.1.0 and earlier, fast-jwt does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that fast-jwt does not understand, the library accepts the token...

7.5CVSS5.9AI score0.00031EPSS
Exploits1References1
Snyk
Snykadded 2026/04/07 4:15 p.m.0 views

Allocation of Resources Without Limits or Throttling

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the ASGI requests with a missing or understated Content-Length header whe...

7.5CVSS5.9AI score0.00035EPSS
Exploits0References2
Snyk
Snykadded 2026/04/07 4:14 p.m.1 views

User Impersonation

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to User Impersonation via the ASGIRequest objects. An attacker can impersonate users or manipulate request headers by exploiting the...

7.5CVSS5.9AI score0.00016EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletinsadded 2026/04/07 4:13 p.m.5 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality (CVE-2026-27959)

Summary Node.js module Koa is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in Node.js modu...

7.5CVSS5.9AI score0.00125EPSS
Exploits1Affected Software1
OSV
OSVadded 2026/04/07 3:30 p.m.1 views

GHSA-MVFQ-GGXM-9MC5 Django vulnerable to ASGI header spoofing via underscore/hyphen conflation

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS5.8AI score0.00016EPSS
Exploits0References6
EUVD
EUVDadded 2026/04/07 3:30 p.m.0 views

EUVD-2026-19686

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS5.9AI score0.00016EPSS
Exploits0References4
Github Security Blog
Github Security Blogadded 2026/04/07 3:30 p.m.4 views

Django vulnerable to ASGI header spoofing via underscore/hyphen conflation

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS5.9AI score0.00016EPSS
Exploits0References6Affected Software1
EUVD
EUVDadded 2026/04/07 3:30 p.m.3 views

EUVD-2025-209268

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. An out-of-bounds write occurs due to a mismatch between the TP-UDHI...

5.9AI score0.0002EPSS
Exploits0References3
OSV
OSVadded 2026/04/07 3:17 p.m.1 views

DEBIAN-CVE-2026-3902

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS5.4AI score0.00016EPSS
Exploits0References1
NVD
NVDadded 2026/04/07 3:17 p.m.1 views

CVE-2026-3902

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS0.00016EPSS
Exploits0References3
OSV
OSVadded 2026/04/07 3:17 p.m.3 views

PYSEC-2026-51

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS5.8AI score0.00016EPSS
Exploits0References4
PyPA
PyPAadded 2026/04/07 3:17 p.m.8 views

PYSEC-2026-51

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores.Earlier, unsupported Django...

7.5CVSS5.8AI score0.00016EPSS
Exploits0References4Affected Software1
NVD
NVDadded 2026/04/07 3:17 p.m.3 views

CVE-2026-35480

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.22.0, the DAG-CBOR decoder uses collection sizes declared in CBOR headers a...

6.2CVSS0.00006EPSS
Exploits0References1
PyPA
PyPAadded 2026/04/07 3:17 p.m.6 views

PYSEC-2026-49

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.ASGI requests with a missing or understated Content-Length header couldbypass the DATAUPLOADMAXMEMORYSIZE limit when readingHttpRequest.body, allowing remote attackers to load an unbounded request body...

7.5CVSS5.8AI score0.00035EPSS
Exploits0References4Affected Software1
OSV
OSVadded 2026/04/07 3:17 p.m.7 views

PYSEC-2026-49

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

7.5CVSS5.8AI score0.00035EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/04/07 2:22 p.m.4 views

CVE-2026-33034

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

5.9AI score0.00035EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder