Lucene search
K

3935 matches found

Cvelist
Cvelist
added 2026/07/06 8:11 a.m.33 views

CVE-2026-49365 Apache Camel: Camel-Netty-HTTP: The muteException consumer option defaulted to false, so a processing error returned the full Java stack trace in the HTTP response body, disclosing sensitive internal information to unauthenticated clients

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to fal...

0.00363EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 7:54 a.m.17 views

CVE-2026-40859

CVE-2026-40859 – Apache Camel Camel-Vertx-Http deserialization vulnerability : The camel-vertx-http component deserializes HTTP response bodies with Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream without an ObjectInputFilter, when transferException=true (o...

8.1CVSS6.7AI score0.00724EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/29 10:36 p.m.4 views

SUSE-SU-2026:2686-1 Security update for apache2

This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163. -...

9.8CVSS7.3AI score0.99957EPSS
Exploits47References95
EUVD
EUVD
added 2026/06/26 9:54 p.m.14 views

EUVD-2026-31683

Hackney has CRLF / header injection via unvalidated domain and path options...

5.3CVSS5.8AI score0.00374EPSS
Exploits1References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.11 views

Astra Linux – Vulnerability in Python 3.11

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially leading to Out-of-Memory errors or other types of...

7.5CVSS7.5AI score0.01525EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/22 5:15 p.m.16 views

Important: Red Hat Security Advisory: Red Hat build of Cryostat security update

An update is now available for the Red Hat build of Cryostat 4 on RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

9.8CVSS7.6AI score0.01079EPSS
Exploits7References11
OSV
OSV
added 2026/06/20 6:57 a.m.2 views

SUSE-SU-2026:22209-1 Security update for apache2

This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163. -...

9.8CVSS7.2AI score0.4581EPSS
Exploits18References23
OSV
OSV
added 2026/06/20 6:57 a.m.6 views

SUSE-SU-2026:22199-1 Security update for apache2

This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163. -...

9.8CVSS6.2AI score0.4581EPSS
Exploits18References23
Snyk
Snyk
added 2026/06/18 3:4 p.m.3 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the headers option in the Remote process. An attacker can inject or override HTTP headers in outgoing requests by including newline characters in user-controlled input that is forwarded to the header value...

6.9CVSS5.9AI score0.0029EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/10 12:9 p.m.12 views

netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion

A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses 103, followed by a 200 with a GET body, then another 200 for a HEAD request when the client pipelines GET the...

9.1CVSS6.8AI score0.0075EPSS
Exploits1References5
OSV
OSV
added 2026/06/08 5:16 p.m.13 views

DEBIAN-CVE-2026-43966

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...

6.3CVSS5.5AI score0.00313EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 4:34 p.m.10 views

EEF-CVE-2026-43966 HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2

Summary Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cow\http\struct\hd:escape\string/2 in cowlib only escapes \ and ", passing...

6.3CVSS5.6AI score0.00313EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/08 4:34 p.m.9 views

CVE-2026-43966 HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...

6.3CVSS5.6AI score0.00313EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/08 2:12 p.m.10 views

CVE-2026-43973 gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion

Uncontrolled Resource Consumption vulnerability in ninenines gun gunhttp module allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering. In gunhttp:handle/5, three clauses accumulate incoming TCP data into the connection's buffer field using binary concatenati...

8.7CVSS5.8AI score0.00381EPSS
Exploits0References3
CVE
CVE
added 2026/06/08 2:12 p.m.42 views

CVE-2026-43973

CVE-2026-43973 concerns the Erlang/Elixir library gun_http in the Gun framework. The vulnerability is an uncontrolled resource consumption: three code paths in gun_http:handle/5 accumulate TCP data into a connection buffer using binary concatenation with no upper bound. If a malicious server send...

8.7CVSS5.8AI score0.00381EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.11 views

EulerOS Virtualization 2.13.0 : python3 (EulerOS-SA-2026-2188)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment...

7.5CVSS7.2AI score0.01525EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.14 views

SUSE SLES15 Security Update : apache2 (SUSE-SU-2026:2103-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2103-1 advisory. This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957....

9.8CVSS6.2AI score0.4581EPSS
Exploits18References34
OSV
OSV
added 2026/05/28 12:34 p.m.11 views

SUSE-SU-2026:2103-1 Security update for apache2

This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163. -...

9.8CVSS7.6AI score0.4581EPSS
Exploits18References23
Vulnrichment
Vulnrichment
added 2026/05/25 2:0 p.m.13 views

CVE-2026-47069 CRLF injection in cookie domain/path options in hackney

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackneycookie:setcookie/3 function in src/hackneycookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the domain and...

2.1CVSS6AI score0.00374EPSS
Exploits1References4
OSV
OSV
added 2026/05/25 2:0 p.m.18 views

EEF-CVE-2026-47069 CRLF injection in cookie domain/path options in hackney

Summary Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackneycookie:setcookie/3 function in src/hackneycookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the doma...

2.1CVSS6AI score0.00374EPSS
Exploits1References4
Rows per page
Query Builder