Lucene search
+L

80 matches found

Rosalinux
Rosalinux
added 2025/04/30 7:45 a.m.61 views

Advisory ROSA-SA-2025-2851

Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-65.0.1.rv3.3 CVE-ID: CVE-2023-27522 BDU-ID: 2023-02021 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modproxyuwsgi component of the Apache HTTP Server web server is related to flaws in HTTP request handling...

9.8CVSS9AI score0.99957EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2025/04/06 8:7 p.m.7 views

CVE-2025-32013 Server-Side Request Forgery via LNURL Authentication Callback in LNbits Lightning Network Payment System

LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery SSRF vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...

9.3CVSS7.2AI score0.00628EPSS
Exploits2References1
NVD
NVD
added 2025/03/26 10:15 p.m.11 views

CVE-2025-2837

Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this...

8.8CVSS0.00474EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/26 9:16 p.m.2 views

CVE-2025-2837 Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability

Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this...

8.8CVSS9.1AI score0.00474EPSS
Exploits0References2
CVE
CVE
added 2025/03/26 9:16 p.m.67 views

CVE-2025-2837

CVE-2025-2837 affects Silicon Labs Gecko OS. The issue is a stack-based buffer overflow in HTTP request handling caused by insufficient validation of the length of user-supplied data before copying it to a stack buffer. This leads to remote code execution with network-adjacent access and no authe...

8.8CVSS8.1AI score0.00474EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/03/26 9:16 p.m.14 views

CVE-2025-2837 Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability

Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this...

8.8CVSS0.00474EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/03/26 6:43 a.m.376 views

Exploit for CVE-2025-1974

Ingress Nightmare CVE-2025-1907 Description This vulnerab...

9.8CVSS9.5AI score0.99098EPSS
Exploits21
Positive Technologies
Positive Technologies
added 2025/03/26 12:0 a.m.4 views

PT-2025-13009 · Silicon · Gecko Os

Name of the Vulnerable Software and Affected Versions: Silicon Labs Gecko OS affected versions not specified Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required for exploitation. The issue stems from...

8.8CVSS8AI score0.00474EPSS
Exploits0References9
Veracode
Veracode
added 2025/03/25 12:2 p.m.5 views

Denial Of Service (DoS)

BentoML is vulnerable to Denial of Service DoS. The vulnerability is due to improper request handling due to the server continuously processing appended characters in a multipart boundary of an HTTP request, leading to excessive resource consumption and service unavailability...

7.5CVSS7AI score0.00664EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 3:50 a.m.7 views

CVE-2024-27922

TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions prior to 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to manipulation of their web traffic. The impact may var...

9.8CVSS9.4AI score0.00823EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/12/13 12:30 a.m.18 views

Boundary Community Edition Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service

Boundary Community Edition and Boundary Enterprise “Boundary” incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary...

5.9CVSS6.6AI score0.00378EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/12/12 10:42 p.m.63 views

CVE-2024-12289

CVE-2024-12289 affects Boundary Community Edition and Boundary Enterprise. The issue occurs during initialization of the Boundary controller, where HTTP requests are mishandled and may cause the Boundary server to terminate prematurely. Fixed in Boundary 0.16.4, 0.17.3, and 0.18.2. Connected docu...

5.9CVSS5.6AI score0.00378EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/11/28 10:21 a.m.19 views

CVE-2024-8308 Siempelkamp: SQL injection due to improper handling of HTTP request input data

A low privileged remote attacker can insert a SQL injection in the web application due to improper handling of HTTP request input data which allows to exfiltrate all data...

6.5CVSS0.00597EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/18 3:36 p.m.15 views

CVE-2021-1425 Cisco Cisco Email Security Appliance and Content Security Management Appliance Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance SMA could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is bei...

4.3CVSS0.00523EPSS
Exploits0References1
Veracode
Veracode
added 2024/10/15 7:39 a.m.11 views

HTTP Smuggling

org.jboss.resteasy, resteasy-netty4-cdi is vulnerable to HTTP Smuggling. The vulnerability is due to improper handling of HTTP requests by the resteasy-netty4 library, specifically when the Netty HttpObjectDecoder fails to process HTTP smuggling requests with ASCII control characters, causing it ...

5.3CVSS6.6AI score0.00649EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/10/04 12:0 a.m.11 views

The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma allows attackers to execute arbitrary code.

The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma is related to improper handling of HTTP requests. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

5.4CVSS6.7AI score0.00646EPSS
Exploits0References9Affected Software5
Positive Technologies
Positive Technologies
added 2024/08/12 12:0 a.m.6 views

PT-2024-6830 · Sap · Sap Crm Abap

Name of the Vulnerable Software and Affected Versions: SAP CRM ABAP affected versions not specified Description: The issue is related to insufficient checking of incoming HTTP requests in the Insights Management component of the SAP CRM ABAP integration module. This can allow a remote attacker to...

5CVSS7.2AI score0.00262EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/08/09 12:0 a.m.6 views

PT-2024-27769 · Vercot · Serva

Name of the Vulnerable Software and Affected Versions: vercot Serva version 4.6.0 Description: A NULL pointer dereference in vercot Serva allows attackers to cause a Denial of Service DoS via a crafted HTTP request. Recommendations: For version 4.6.0, consider disabling the HTTP request handling...

7.5CVSS6.2AI score0.01246EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/03/21 12:0 a.m.10 views

TOMP Bare Server 安全漏洞

TOMP Bare Server is an open source library from Tomp Web Proxies. A security vulnerability exists in TOMP Bare Server versions prior to 2.0.2, which stems from improper handling of HTTP requests by the omphttp/bare-server-node package...

9.8CVSS9AI score0.00823EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/03 12:0 a.m.6 views

PT-2024-2026 · Ibm · Ibm Watson Cp4D Data Stores

Name of the Vulnerable Software and Affected Versions: IBM Watson CP4D Data Stores versions 4.6.0 through 4.6.2 Description: The issue is related to errors in handling HTTP requests and improper input validation, which could allow a remote attacker to impact data integrity. An attacker with...

5.9CVSS7AI score0.00547EPSS
Exploits0References7
Rows per page
Query Builder