Lucene search
K

5909 matches found

Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.6 views

PT-2026-2473

An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests...

6.5CVSS6.7AI score0.00602EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/12 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-22776

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service DoS vulnerability exists in...

8.7CVSS5.7AI score0.00353EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/10 12:19 a.m.6 views

CVE-2026-22024 CryptoLib Memory Leak in KMC Encrypt Function Leads to Resource Exhaustion

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the cryptographyencrypt function allocates...

6.3CVSS6.8AI score0.00432EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 11:23 a.m.7 views

CVE-2021-31898

In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS...

7.5CVSS7AI score0.00628EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:19 a.m.19 views

CVE-2021-22056

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response...

7.5CVSS6.9AI score0.01558EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:56 a.m.8 views

CVE-2022-38333

Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function headervalue. This vulnerability allows attackers to access sensitive information via a crafted HTTP request...

7.5CVSS6.9AI score0.00998EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:44 a.m.7 views

CVE-2022-26283

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the viewplan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests...

9.8CVSS8.2AI score0.01532EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.13 views

CVE-2022-26284

Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manageclient endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests...

9.8CVSS8.2AI score0.01948EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:19 a.m.5 views

CVE-2019-18394

A Server Side Request Forgery SSRF vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests...

9.8CVSS7AI score0.32304EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:0 a.m.7 views

CVE-2020-7549

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause denial of HTTP and FTP...

5.3CVSS6.9AI score0.0102EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:33 a.m.3 views

CVE-2024-39720

An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file,...

8.2CVSS7AI score0.02479EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:31 a.m.15 views

CVE-2023-43052

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domai...

5.3CVSS7AI score0.00338EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:30 a.m.9 views

CVE-2023-29179

A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, Fortiproxy version 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 allows attacker to denial of service via specially crafted HTTP requests...

6.5CVSS6.6AI score0.02454EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:29 a.m.7 views

CVE-2023-50181

An improper access control vulnerability CWE-284 in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests...

6.5CVSS6.8AI score0.00338EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:28 a.m.7 views

CVE-2023-49715

A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send a series of HTTP...

8.8CVSS7.6AI score0.01367EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:28 a.m.11 views

CVE-2023-49094

Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if the...

4.3CVSS7AI score0.00705EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:15 a.m.7 views

CVE-2022-23439

A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the Host header points to an arbitrary webserver...

6.1CVSS6.7AI score0.00441EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:13 a.m.9 views

CVE-2022-31108

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

6.1CVSS6.3AI score0.00849EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:13 a.m.7 views

CVE-2022-31074

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, several endpoints in the Cloud AdmissionController may be susceptible to a DoS attack if an HTTP request containing a very lar...

6.5CVSS6.6AI score0.00702EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:9 a.m.8 views

CVE-2019-18202

Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests...

5.8CVSS7AI score0.01789EPSS
Exploits0References1
Rows per page
Query Builder