
34119 matches found

UbuntuCve
added 2026/04/03 4:16 p.m. | 2 views

CVE-2026-23442

In the Linux kernel, the following vulnerability has been resolved: ipv6: add NULL checks for idev in SRv6 paths. in6_dev_get() can return NULL when the device has no IPv6 configuration (e.g. MTU < IPV6_MIN_MTU or after NETDEV_UNREGISTER). Add NULL checks for idev returned by in6_dev_get() in both...

5.5 CVSS | 5.7 AI score | 0.00031 EPSS
Exploits: 0 | References: 4
ATTACKERKB
added 2026/04/03 3:15 p.m. | 0 views

CVE-2026-23451

In the Linux kernel, the following vulnerability has been resolved: bonding: prevent potential infinite loop in bond_header_parse(). bond_header_parse() can loop if a stack of two bonding devices is set up, because skb->dev always points to the hierarchy top. Add new "const struct net_device *dev" parameter t...

5.7 AI score | 0.00062 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2026/04/03 3:15 p.m. | 18 views

CVE-2026-23451 bonding: prevent potential infinite loop in bond_header_parse()

In the Linux kernel, the following vulnerability has been resolved: bonding: prevent potential infinite loop in bond_header_parse(). bond_header_parse() can loop if a stack of two bonding devices is set up, because skb->dev always points to the hierarchy top. Add new "const struct net_device *dev" parameter t...

7.5 CVSS | 0.00062 EPSS
Exploits: 0 | References: 4
OSV
added 2026/04/03 2:16 p.m. | 3 views

UBUNTU-CVE-2026-23424

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Validate command buffer payload count. The count field in the command header is used to determine the valid payload size. Verify that the valid payload does not exceed the remaining buffer space...

7.1 CVSS | 5.8 AI score | 0.00017 EPSS
Exploits: 0 | References: 6
ATTACKERKB
added 2026/04/03 1:24 p.m. | 1 views

CVE-2026-23424

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Validate command buffer payload count. The count field in the command header is used to determine the valid payload size. Verify that the valid payload does not exceed the remaining buffer space...

5.9 AI score | 0.00017 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2026/04/03 12:43 p.m. | 3 views

CLSA-2026-1775220180 nodejs: Fix of CVE-2023-45143

CVE-2023-45143: fix cookie and host header leak on cross-origin redirect in undici...

3.9 CVSS | 6.1 AI score | 0.00116 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/04/03 10:58 a.m. | 2 views

CVE-2026-1540

The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access to achieve Remote Code Execution by using a crafted header...

7.2 CVSS | 6 AI score | 0.00119 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/04/03 10:57 a.m. | 1 views

CVE-2026-29143

SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers...

9.1 CVSS | 5.9 AI score | 0.00068 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/04/03 5:8 a.m. | 6 views

CVE-2025-66485

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

5.4 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/04/03 3:31 a.m. | 2 views

EUVD-2026-18566

Shynet before 0.14.0 allows Host header injection in the password reset flow...

6.4 CVSS | 5.9 AI score | 0.00018 EPSS
Exploits: 0 | References: 3
OSV
added 2026/04/03 2:37 a.m. | 2 views

GHSA-4P4R-M79C-WQ3V Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

Impact: Apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via webRequest.onHeadersReceived may be vulnerable to HTTP response header injection if attacker-controlled input is reflected into a response header name or...

5.9 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits: 0 | References: 3
EUVD
added 2026/04/03 2:37 a.m. | 3 views

EUVD-2026-18933

Electron: HTTP Response Header Injection in custom protocol handlers and webRequest...

5.9 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits: 0 | References: 1
Github Security Blog
added 2026/04/03 2:37 a.m. | 3 views

Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

Impact: Apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via webRequest.onHeadersReceived may be vulnerable to HTTP response header injection if attacker-controlled input is reflected into a response header name or...

6.5 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Snyk
added 2026/04/03 2:37 a.m. | 2 views

HTTP Response Splitting

Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to HTTP Response Splitting via the protocol.handle, protocol.registerSchemesAsPrivileged, or...

6.5 CVSS | 6 AI score | 0.00013 EPSS
Exploits: 0 | References: 3
Snyk
added 2026/04/03 2:37 a.m. | 1 views

HTTP Response Splitting

Overview: electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to HTTP Response Splitting via the protocol.handle, protocol.registerSchemesAsPrivileged, or webRequest.onHeadersReceived...

6.5 CVSS | 6 AI score | 0.00013 EPSS
Exploits: 0 | References: 3
NVD
added 2026/04/03 2:16 a.m. | 1 views

CVE-2026-35507

Shynet before 0.14.0 allows Host header injection in the password reset flow...

6.5 CVSS | 0.00018 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/04/03 1:0 a.m. | 2 views

CVE-2026-35507

Shynet before 0.14.0 allows Host header injection in the password reset flow...

6.4 CVSS | 5.9 AI score | 0.00018 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/04/03 1:0 a.m. | 0 views

CVE-2026-35507

Shynet before 0.14.0 allows Host header injection in the password reset flow...

6.4 CVSS | 5.9 AI score | 0.00018 EPSS
Exploits: 0 | References: 3
CVE
added 2026/04/03 1:0 a.m. | 5 views

CVE-2026-35507

CVE-2026-35507 affects Shynet before version 0.14.0. The issue is a Host header injection flaw in the password reset flow, with a CVSS 3.1 base score of 6.4 (Network, High impact on integrity; Low on confidentiality and availability; User interaction required). Root cause is insecure Host header ...

6.5 CVSS | 5.9 AI score | 0.00018 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/04/03 1:0 a.m. | 12 views

CVE-2026-35507

Shynet before 0.14.0 allows Host header injection in the password reset flow...

6.4 CVSS | 0.00018 EPSS
Exploits: 0 | References: 2