CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

Snyk•added 2026/03/12 8:17 p.m.•1 views

CRLF Injection

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to CRLF Injection via the upgrade option of the client.request function. An attacker can inject malicious data into HTTP headers or prematurely terminate HTTP requests by...

6.5CVSS5.9AI score0.00012EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-19919

Malware in sbrugna...

9.8CVSS9.2AI score0.02785EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-0148

Malware in sbrugna...

7.5CVSS7.4AI score0.00351EPSS

Exploits0References9

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2016-7217

Malware in sbrugna...

7.5CVSS7.6AI score0.00697EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2010-1256

Malware in sbrugna...

5CVSS6.4AI score0.06563EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-15801

Malware in sbrugna...

8.1CVSS8.1AI score0.00195EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-1240

Malicious code in bioql PyPI...

4.3CVSS6.4AI score0.00198EPSS

Exploits0References12

RedhatCVE•added 2025/05/23 1:10 a.m.•3 views

CVE-2022-36364

Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via httpclientimpl connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary...

8.8CVSS8AI score0.11793EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 6:51 p.m.•6 views

CVE-2021-33207

The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code...

9.8CVSS7AI score0.02785EPSS

Exploits0References1

Amazon•added 2023/08/09 12:0 a.m.•7 views

Important: golang

Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

6.5CVSS7AI score0.00344EPSS

Exploits0

IBM Security Bulletins•added 2021/10/26 9:21 p.m.•52 views

Security Bulletin: FileNet Content Manager is affected by a HTTP Client vulnerability

Summary FileNet Content Manager has addressed the following HTTP Client v3.0.1 and v4.0.1 vulnerability. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, could allow a remote...

5.8CVSS0.1AI score0.00616EPSS

Exploits0Affected Software1

Prion•added 2020/04/29 6:15 p.m.•8 views

Authorization

Actions Http-Client NPM @actions/http-client before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: 1. make an http request with an authorization header 2. that request...

5CVSS7.3AI score0.00434EPSS

Exploits0References3Affected Software1

RedHat Linux•added 2013/03/25 5:4 p.m.•2 views

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

5.8CVSS7.2AI score0.00616EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by