Lucene search
K

3750 matches found

Nuclei
Nuclei
added 14 hours ago13 views

esm.sh <= v136 - Arbitrary File Write via Path Traversal

esm.sh = 136 contains a path traversal caused by improper canonicalization of the X-Zone-Id HTTP header, letting attackers write files outside the intended storage directory, exploit requires crafted header input. id: CVE-2025-59342 info: name: esm.sh = v136 - Arbitrary File Write via Path...

6.9CVSS7AI score0.02829EPSS
Exploits2References3
Nuclei
Nuclei
added 14 hours ago110 views

Monstra CMS 3.0.4 - HTTP Header Injection

Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to...

6.1CVSS6.7AI score0.0302EPSS
Exploits1References3
CVE
CVE
added yesterday9 views

CVE-2025-62826

Summary: CVE-2025-62826 describes an HTTP Response Splitting (CWE-113) in Fortinet FortiOS and FortiProxy products. Affected versions: FortiOS 7.6.0–7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions; FortiProxy 7.6.0–7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions. Root ca...

4.3CVSS6.2AI score
Exploits0References1Affected Software2
Tenable Nessus
Tenable Nessus
added yesterday3 views

Fortinet Fortigate Header injection in captive portal authentication form (FG-IR-26-153)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-153 advisory. - An Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting' vulnerability CWE-113 vulnerability ...

4.3CVSS6.2AI score
Exploits0References2
Nuclei
Nuclei
added 2 days ago108 views

Eclipse Jetty <9.2.9.v20150224 - Sensitive Information Leakage

Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header. id: CVE-2015-2080 info: name: Eclipse Jetty 9.2.9.v20150224 - Sensitive Information Leakage author: pikpikcu severity: high description: Eclip...

7.5CVSS7AI score0.74881EPSS
Exploits16References5
Tenable Nessus
Tenable Nessus
added 5 days ago9 views

EulerOS 2.0 SP12 : busybox (EulerOS-SA-2026-2581)

According to the versions of the busybox packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request- target path/query, allowing the request line...

8.8CVSS7.3AI score0.00375EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 5 days ago8 views

EulerOS 2.0 SP12 : busybox (EulerOS-SA-2026-2521)

According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request- target path/query, allowing the request line ...

8.8CVSS7.3AI score0.00375EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/08 4:19 p.m.5 views

EUVD-2025-210441

OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy...

6.9CVSS6AI score0.00259EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/08 4:19 p.m.37 views

CVE-2025-3110

OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy...

6.9CVSS0.00259EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.13 views

PT-2026-56197

Name of the Vulnerable Software and Affected Versions Django versions prior to 6.0.7 Django versions prior to 5.2.16 Description An issue exists where DomainNameValidator fails to prohibit newlines in domain names. While CharField strips newlines when used via a form field, other implementations...

6.1CVSS6.1AI score0.00217EPSS
Exploits0References64
NVD
NVD
added 2026/07/06 11:16 a.m.11 views

CVE-2026-58226

Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets...

8.7CVSS0.00438EPSS
Exploits0References4
NVD
NVD
added 2026/07/06 9:16 a.m.12 views

CVE-2026-48206

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel JIRA component. The camel-jira producers read their operation parameters - the issue key, project key, transition id, summary, type, assignee, components, watchers, link type, work-log minute...

5.3CVSS0.00349EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 9:3 a.m.2 views

CVE-2026-58226 Unauthenticated denial-of-service via unbounded HPACK integer decoding in hpax

Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets...

8.7CVSS6.1AI score0.00438EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/06 8:11 a.m.5 views

EUVD-2026-41845

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SOSL search,...

6AI score0.00341EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 8:10 a.m.8 views

EUVD-2026-41844

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...

6.1AI score0.00385EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 8:8 a.m.2 views

CVE-2026-48205 Apache Camel DNS: The dns.* and term Exchange header constants used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to influence internal behaviour

Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel DNS component. The camel-dns producers read DNS operation parameters - the resolver to query, the name or domain to look up, the record type and class, and the search term - from Exchange message headers who...

9.1CVSS6.2AI score0.0037EPSS
Exploits0References5
OSV
OSV
added 2026/07/06 8:6 a.m.2 views

CVE-2026-48203 Apache Camel: Camel-Solr: The SolrParam. and SolrField. Exchange header prefixes used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to inject Solr query parameters (server-side request forgery) and document fields

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with the SolrParam...

9.1CVSS6.2AI score0.0037EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/06 8:3 a.m.33 views

CVE-2026-46585 Apache Camel Lucene: The query control headers used non-Camel-prefixed names (QUERY, RETURN_LUCENE_DOCS) that bypass the HTTP header filter, allowing an HTTP client to inject the full-text search query

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Lucene Component. The camel-lucene producer reads the search phrase from an Exchange header LuceneConstants.HEADERQUERY whose value was the plain string QUERY and RETURNLUCENEDOCS for...

0.00399EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:3 a.m.9 views

CVE-2026-46585

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Lucene Component. The camel-lucene producer reads the search phrase from an Exchange header LuceneConstants.HEADERQUERY whose value was the plain string QUERY and RETURNLUCENEDOCS for...

6AI score0.00399EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-55906

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An injection and authorization bypass issue exists in the Apache Camel Salesforce component. The...

5.3CVSS6.2AI score0.00341EPSS
Exploits0References9
Rows per page
Query Builder