
16600 matches found

Cvelist
added 2023/07/19 7:39 p.m., 45 views

CVE-2023-37276 aiohttp vulnerable to HTTP request smuggling

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...

CVSS 5.3, AI score 7.6, EPSS 0.01422
Exploits: 1, References: 4

Vulnrichment
added 2023/07/19 7:39 p.m., 33 views

CVE-2023-37276 aiohttp vulnerable to HTTP request smuggling

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...

CVSS 5.3, AI score 6.8, EPSS 0.01422
Exploits: 1, References: 4

Debian CVE
added 2023/07/19 7:39 p.m., 106 views

CVE-2023-37276

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...

CVSS 7.5, AI score 6.4, EPSS 0.01422
Exploits: 1

CVE
added 2023/07/19 7:39 p.m., 163 views

CVE-2023-37276

CVE-2023-37276 affects aiohttp when used as an HTTP server (aiohttp.Application); vulnerable code is in the llhttp-based HTTP request parser bundled with aiohttp v3.8.4 and earlier. Exploitation can lead to HTTP request smuggling. The issue is addressed in aiohttp 3.8.5; upgrading is recommended....

CVSS 7.5, AI score 6.2, EPSS 0.01422
Exploits: 1, References: 4, Affected Software: 1

CNNVD
added 2023/07/19 12:0 a.m., 4 views

aiohttp environment issue vulnerability

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. An environment issue vulnerability exists in aiohttp v3.8.4 and earlier versions that stems from easy HTTP request smuggling through the llhttp HTTP request parser...

CVSS 7.5, AI score 6.4, EPSS 0.01422
Exploits: 1, References: 3

0day.today
added 2023/07/19 12:0 a.m., 298 views

Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Exploit

Exploit Title: Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Exploit Author: Thurein Soe CVE : CVE-2022-28171 Vendor Homepage: https://www.hikvision.com Software Link: N/A Refence Link: https://cve.report/CVE-2022-28171 Version: Filmora 12: Ds-a71024 Firmware, Ds-a71024...

CVSS 9.8, AI score 9.7, EPSS 0.49858
Exploits: 6

Amazon
added 2023/07/19 12:0 a.m., 3 views

Important: nodejs

Issue Overview: The use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please no...

CVSS 7.5, AI score 7.3, EPSS 0.03906
Exploits: 1

Exploit DB
added 2023/07/19 12:0 a.m., 238 views

CmsMadeSimple v2.2.17 - Stored Cross-Site Scripting (XSS)

Exploit Title: CmsMadeSimple v2.2.17 - Stored Cross-Site Scripting XSS Application: CmsMadeSimple Version: v2.2.17 Bugs: Stored Xss Technology: PHP Vendor URL: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Date of found: 12-07-2023 Author: Mirabbas...

AI score 7.4
Exploits: 0

Exploit DB
added 2023/07/19 12:0 a.m., 246 views

Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution

Exploit Title: Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Date: 16 July 2023 Exploit Author: Thurein Soe CVE : CVE-2022-28171 Vendor Homepage: https://www.hikvision.com Software Link: N/A Refence Link: https://cve.report/CVE-2022-28171 Version: Filmora 12: Ds-a71024...

CVSS 9.8, AI score 9.7, EPSS 0.49858
Exploits: 6

Tenable Nessus
added 2023/07/19 12:0 a.m., 25 views

Fedora 37 : nodejs18 (2023-6b866fbe84)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6b866fbe84 advisory. 2023-06-20, Version 18.16.1 'Hydrogen' LTS, @RafaelGSS This is a security release. Notable Changes The following CVEs are fixed in this release:...

CVSS 7.5, AI score 6.8, EPSS 0.03906
Exploits: 1, References: 6

NVD
added 2023/07/18 7:15 p.m., 42 views

CVE-2023-37477

1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...

CVSS 8.8, EPSS 0.05354
Exploits: 1, References: 2

Prion
added 2023/07/18 7:15 p.m., 17 views

Command injection

1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...

CVSS 6.5, AI score 8.9, EPSS 0.05354
Exploits: 1, References: 2, Affected Software: 1

Github Security Blog
added 2023/07/18 7:10 p.m., 27 views

1Panel command injection vulnerability in Firewall ip functionality

Summary An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Details 1Panel firewall functionality /hosts/firewall/...

CVSS 8.8, AI score 8.2, EPSS 0.05354
Exploits: 1, References: 5, Affected Software: 1

OSV
added 2023/07/18 7:10 p.m., 29 views

GHSA-P9XF-74XH-MHW5 1Panel command injection vulnerability in Firewall ip functionality

Summary An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Details 1Panel firewall functionality /hosts/firewall/...

CVSS 8.8, AI score 8, EPSS 0.05354
Exploits: 1, References: 5

Vulnrichment
added 2023/07/18 6:25 p.m., 15 views

CVE-2023-37477 Command injection in firewall ip functionality in 1Panel

1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...

CVSS 7.2, AI score 8.8, EPSS 0.05354
Exploits: 1, References: 2

Cvelist
added 2023/07/18 6:25 p.m., 46 views

CVE-2023-37477 Command injection in firewall ip functionality in 1Panel

1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...

CVSS 7.2, AI score 9, EPSS 0.05354
Exploits: 1, References: 2

OSV
added 2023/07/18 6:25 p.m., 42 views

CVE-2023-37477 Command injection in firewall ip functionality in 1Panel

1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...

CVSS 7.2, AI score 8.9, EPSS 0.05354
Exploits: 1, References: 4

GithubExploit
added 2023/07/18 4:9 p.m., 520 views

Exploit for Double Free in Xhttp_Project Xhttp

CVE-2023-38434 xHTTP commit 72f812d and below suffers from a...

CVSS 7.5, AI score 7.7, EPSS 0.009
Exploits: 2

The Hacker News
added 2023/07/18 5:56 a.m., 76 views

Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites

Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign. The flaw, tracked as CVE-2023-28121 (CVSS score: 9.8), is a case of authentication bypass that enables unauthenticated attackers to...

CVSS 9.8, AI score 9, EPSS 0.99754
Exploits: 9

NVD
added 2023/07/18 3:15 a.m., 15 views

CVE-2023-38434

xHTTP 72f812d has a double free in closeconnection in xhttp.c via a malformed HTTP request method...

CVSS 7.5, EPSS 0.009
Exploits: 2, References: 1