Lucene search
K

12 matches found

OSV
OSV
added 2026/04/02 6:16 p.m.4 views

DEBIAN-CVE-2026-34835

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...

6.5CVSS5.3AI score0.00192EPSS
Exploits2References1
OSV
OSV
added 2026/04/02 6:16 p.m.5 views

UBUNTU-CVE-2026-34835

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...

6.5CVSS5.8AI score0.00192EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2026/04/02 5:9 p.m.5 views

CVE-2026-34835

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...

4.8CVSS5.8AI score0.00192EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2026/02/26 2:16 a.m.9 views

CVE-2026-27959

Koa is middleware for Node.js using ES2017 async functions. Prior to versions 3.1.2 and 2.16.4, Koa's ctx.hostname API performs naive parsing of the HTTP Host header, extracting everything before the first colon without validating the input conforms to RFC 3986 hostname syntax. When a malformed...

8.2CVSS0.00334EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/01/29 11:23 a.m.6 views

Important: Red Hat Security Advisory: spice-client-win security update

An update for spice-client-win is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

8.2CVSS5.8AI score0.00496EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/01/21 12:55 p.m.6 views

Important: Red Hat Security Advisory: libsoup security update

An update for libsoup is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

8.2CVSS5.8AI score0.00496EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/01/21 5:17 a.m.3 views

Important: Red Hat Security Advisory: libsoup security update

An update for libsoup is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.2CVSS5.8AI score0.00496EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.7 views

AlmaLinux 9 : libsoup (ALSA-2026:0422)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:0422 advisory. libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy First- vs Last-Value Wins CVE-2025-14523 Tenable has extracted the preceding...

8.2CVSS5.4AI score0.00496EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/08 12:0 a.m.7 views

Micrium uC-HTTP Buffer Error Vulnerability

Micrium uC-HTTP is a software from Micrium USA that provides TCP/IP functionality for devices. The software is designed for embedded applications with a compact, reliable, high-performance TCP/IP stack with dual support for IPv4 and IPv6. A buffer error vulnerability exists in Micrium uC-HTTP...

9.8CVSS7.7AI score0.01672EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/05/05 12:0 a.m.5 views

PT-2022-19425 · Hawk +2 · Hawk +2

Name of the Vulnerable Software and Affected Versions: Hawk versions prior to 9.0.1 Description: Hawk is an HTTP authentication scheme that provides mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response. It was found to be vulnerable...

7.5CVSS7.3AI score0.01028EPSS
Exploits0References25
OSV
OSV
added 2021/02/03 12:0 a.m.1 views

UBUNTU-CVE-2021-20213

A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed...

7.5CVSS7AI score0.01571EPSS
Exploits0References5
OSV
OSV
added 2019/03/21 4:29 p.m.6 views

CVE-2018-4030

An exploitable vulnerability exists the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host" header is incorrectly extracted from captured HTTP requests, which would allow an attacker to visit any...

7.5CVSS5.8AI score0.01168EPSS
Exploits1References1
Rows per page
Query Builder