Lucene search
K

12667 matches found

CVE
CVE
added 2026/05/29 9:50 a.m.25 views

CVE-2026-46579

OpenShift Router flaw: when Route.insecureEdgeTerminationPolicy is Allow, the HTTP frontend does not strip X-SSL-Client-* headers, enabling an unauthenticated attacker to craft requests that bypass mutual TLS authentication by impersonating client certificate identities. Affected component: OpenS...

7.5CVSS5.7AI score0.0023EPSS
Exploits0References6Affected Software2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Red Hat OpenShift Container Platform 授权问题漏洞

Red Hat OpenShift Container Platform is a platform developed by Red Hat Inc. It helps enterprises develop, deploy, and manage existing container-based applications across physical, virtual, and public cloud infrastructures. There is an authorization vulnerability in Red Hat OpenShift Container...

7.4CVSS5.8AI score0.0023EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.10 views

PT-2026-45023

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4 Description NodeVM exposes process-wide observability builtins when they are permitted via require.builtin. Specifically, the diagnostics channel, async hooks, and perf hooks modules are not included in the dangero...

6.9CVSS5.3AI score0.00308EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

n8n-MCP 访问控制错误漏洞

n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. Versions of n8n-MCP prior to 2.51.2 contained an access control vulnerability. This vulnerability arises when multi-tenant mode is enabled, and headers are omitted or only partially provided duri...

8.1CVSS5.9AI score0.00235EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.67 views

📄 Apache HTTP Server 2.4.66 Denial of Service

Apache HTTP Server version 2.4.66 modhttp2 double-free denial of service proof of concept exploit. Exploit Title: Apache HTTP Server 2.4.66 - 'modhttp2' Double-Free Denial of Service Google Dork: intext:"Apache/2.4.66" "HTTP/2" Date: 2026-05-06 Exploit Author: xeloxa https://github.com/xeloxa/...

8.8CVSS7.5AI score0.4581EPSS
Exploits16
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.13 views

PT-2026-44799

Name of the Vulnerable Software and Affected Versions OpenShift Router affected versions not specified Description A flaw in the HTTP frontend occurs when a Route has the insecureEdgeTerminationPolicy set to Allow. In this configuration, the router fails to remove X-SSL-Client- headers from...

7.5CVSS5.5AI score0.0023EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2026/05/28 8:59 p.m.9 views

CVE-2026-44883 Portainer: JWT accepted in URL query leaks tokens to logs and referers

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...

7.7CVSS5.8AI score0.00316EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/28 8:59 p.m.11 views

EUVD-2026-33059

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...

7.7CVSS5.8AI score0.00316EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/28 6:24 p.m.10 views

HTTP Response Splitting

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to HTTP Response Splitting via the serialize function. An attacker can inject arbitrary attributes into the Set-Cookie response header by supplying crafted input to the sameSite or priority...

5.3CVSS5.9AI score0.00216EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/05/28 5:53 p.m.16 views

USN-8343-1: multipart vulnerability

It was discovered that multipart had an ambiguous regular expression alternation when handling certain HTTP header values. A remote attacker could possibly use this issue to cause multipart to use excessive resources, leading to a denial of service...

7.5CVSS7.4AI score0.00606EPSS
Exploits0
OSV
OSV
added 2026/05/28 5:53 p.m.9 views

USN-8343-1 multipart vulnerability

It was discovered that multipart had an ambiguous regular expression alternation when handling certain HTTP header values. A remote attacker could possibly use this issue to cause multipart to use excessive resources, leading to a denial of service...

7.5CVSS5.8AI score0.00606EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 5:52 p.m.12 views

GHSA-Q8CJ-789H-VG24 OpenBao's Inline Auth Incorrectly Redacted Headers

Impact OpenBao's inline auth functionality incorrectly redacted audit log entries, resulting in non-auth headers being removed and auth-related headers being retained in cleartext. This requires an attacker to compromise access to the audit device. Operators should review leaked source...

5.4CVSS5.8AI score0.00029EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/28 5:52 p.m.17 views

OpenBao's Inline Auth Incorrectly Redacted Headers

Impact OpenBao's inline auth functionality incorrectly redacted audit log entries, resulting in non-auth headers being removed and auth-related headers being retained in cleartext. This requires an attacker to compromise access to the audit device. Operators should review leaked source...

5.8AI score0.00029EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/28 5:9 p.m.19 views

CVE-2026-42585

A flaw was found in Netty. This vulnerability allows a remote attacker to perform request smuggling attacks due to incorrect parsing of malformed Transfer-Encoding headers. By exploiting this flaw, an attacker can bypass security controls and potentially access sensitive information or manipulate...

7.5CVSS5.8AI score0.00248EPSS
Exploits1References4
Snyk
Snyk
added 2026/05/28 5:4 p.m.11 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the Parse function. An attacker can exhaust CPU resources and generate excessive log output by sending oversized or malformed headers that are processed without length checks. Remediation...

6.9CVSS5.8AI score0.00237EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/28 5:4 p.m.11 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the Parse function. An attacker can exhaust CPU resources and generate excessive log output by sending oversized or malformed headers that are processed without length checks. Remediation...

6.9CVSS5.8AI score0.00237EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/28 5:4 p.m.9 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the Parse function. An attacker can exhaust CPU resources and generate excessive log output by sending oversized or malformed headers that are processed without length checks. Remediation...

6.9CVSS5.8AI score0.00237EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 5:4 p.m.14 views

GHSA-5WRP-CWCJ-Q835 opentelemetry-go's baggage parsing no longer caps raw header length

Summary https://github.com/open-telemetry/opentelemetry-go/pull/7880 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Details The commit removes the upfront baggage-string length check and the...

5.3CVSS5.9AI score0.00237EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/28 5:4 p.m.13 views

opentelemetry-go's baggage parsing no longer caps raw header length

Summary https://github.com/open-telemetry/opentelemetry-go/pull/7880 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Details The commit removes the upfront baggage-string length check and the...

5.3CVSS5.9AI score0.00237EPSS
Exploits0References4Affected Software2
GithubExploit
GithubExploit
added 2026/05/28 8:39 a.m.76 views

web-vulnerability-scanner

web-vulnerability-scanner A P...

5.8AI score
Exploits0
Rows per page
Query Builder