Lucene search
K

116 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2009-2063

Malware in sbrugna...

6.8CVSS6.1AI score0.01369EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-42399

Malicious code in bioql PyPI...

9.8CVSS7.5AI score0.01115EPSS
Exploits0References7
NVD
NVD
added 2025/07/30 1:15 a.m.5 views

CVE-2025-8320

Tesla Wall Connector Content-Length Header Improper Input Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Tesla Wall Connector devices. Authentication is not required to exploit this...

8.8CVSS0.00323EPSS
Exploits0References1
OSV
OSV
added 2025/06/24 1:15 p.m.2 views

UBUNTU-CVE-2025-6434

The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability was fixed in Firefox 140 and Thunderbird 1...

4.3CVSS5.8AI score0.00227EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/22 4:6 p.m.7 views

CVE-2020-1059

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing Vulnerability'...

4.3CVSS6.5AI score0.01999EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:20 a.m.8 views

CVE-2019-0608

A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357...

4.3CVSS6.2AI score0.02134EPSS
Exploits0References1
OSV
OSV
added 2025/01/16 7:23 a.m.15 views

BIT-PYTHON-MIN-2020-27619

In Python 3 through 3.9.0, the Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP...

9.8CVSS9.7AI score0.08235EPSS
Exploits0References15
OSV
OSV
added 2024/07/19 3:6 p.m.7 views

CLSA-2024-1721401573 Fix CVE(s): CVE-2020-27619

SECURITY UPDATE: eval on content received via HTTP in test suite - debian/patches/CVE-2020-27619.patch: No longer call eval on content received via HTTP in the CJK codec tests - CVE-2020-27619...

9.8CVSS6.8AI score0.08235EPSS
Exploits0References1
Fedora
Fedora
added 2024/02/20 1:40 a.m.31 views

[SECURITY] Fedora 39 Update: libmodsecurity-3.0.12-1.fc39

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. In general, it provides the capability to load/interpret rules written in the ModSecurity...

8.6CVSS7.2AI score0.00682EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2024/02/05 3:15 p.m.30 views

CVE-2024-24762

python-multipart is a streaming multipart parser for Python. When using form data, python-multipart uses a Regular Expression to parse the HTTP Content-Type header, including options. An attacker could send a custom-made Content-Type option that is very difficult for the RegEx to process, consumi...

7.5CVSS6.7AI score0.01523EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2024/02/05 2:33 p.m.25 views

CVE-2024-24762

python-multipart is a streaming multipart parser for Python. When using form data, python-multipart uses a Regular Expression to parse the HTTP Content-Type header, including options. An attacker could send a custom-made Content-Type option that is very difficult for the RegEx to process, consumi...

7.5CVSS6.9AI score0.01523EPSS
Exploits1
OSV
OSV
added 2023/11/21 3:15 p.m.2 views

CVE-2023-6210

When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox 120...

6.5CVSS5.8AI score0.00614EPSS
Exploits0References3
Prion
Prion
added 2023/08/15 7:15 p.m.21 views

Design/Logic Flaw

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers...

7.5CVSS9.3AI score0.00588EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/08/15 6:25 p.m.19 views

CVE-2023-4324 Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers...

9.6AI score0.00588EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.5 views

SUSE CVE-2009-2067

Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related...

6.8CVSS7.3AI score0.01369EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:47 a.m.5 views

SUSE CVE-2017-7375

A flaw in libxml2 allows remote XML entity inclusion with default parser flags i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes. Depending on the context, this may expose a higher-risk attack surface in libxml2 not...

5.3CVSS8.6AI score0.0264EPSS
Exploits0References22
SUSE CVE
SUSE CVE
added 2023/02/15 4:30 a.m.8 views

SUSE CVE-2018-7159

The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...

5.3CVSS8.4AI score0.03621EPSS
Exploits0References6
Fedora
Fedora
added 2022/10/24 2:10 p.m.34 views

[SECURITY] Fedora 36 Update: libmodsecurity-3.0.8-1.fc36

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. In general, it provides the capability to load/interpret rules written in the ModSecurity...

9.8CVSS1.9AI score0.02542EPSS
Exploits1
Veracode
Veracode
added 2022/10/10 9:11 p.m.34 views

Authorization Bypass

modsecurity-crs:sid is vulnerable to authorization bypass. The vulnerability exists due to encoded payload bypass detection, allowing an attacker to cause a specially malicious HTTP Content-Type header field...

9.8CVSS8.7AI score0.01115EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2022/09/20 7:15 a.m.27 views

CVE-2022-39955

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" nam...

9.8CVSS6.4AI score
Exploits0References7
Rows per page
Query Builder