Lucene search
K

313 matches found

NVD
NVD
added last week8 views

CVE-2026-53878

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. DomainNameValidator does not prohibit newlines in domain names unless used via a form field, since CharField strips newlines. If an application uses values with newlines in an HTTP response, header injection can occur. Djan...

6.1CVSS0.00217EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 8:32 a.m.3 views

OPENSUSE-SU-2026:21189-1 Security update for transmission

This update for transmission fixes the following issues: Changes in transmission: - CVE-2026-38978: add clickjack safeguards when serving http responses bsc1267404...

5.3CVSS5.9AI score0.00305EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 4:16 p.m.11 views

CVE-2026-12549

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...

4.8CVSS0.00325EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/22 1:55 p.m.49 views

CVE-2026-12549 Libsoup: incomplete fix for cve-2026-2443: range suffix overflow in libsoup soupserver

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...

4.8CVSS0.00325EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/12 2:52 p.m.13 views

EUVD-2026-36466

OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters traces/metrics/logs read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

5.3CVSS5.3AI score0.00206EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.22 views

PT-2026-45837

Name of the Vulnerable Software and Affected Versions tesla versions 0.6.0 through 1.18.2 Description Improper handling of highly compressed data allows a denial of service via a decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression i...

8.2CVSS6AI score0.00329EPSS
Exploits0References13
Cvelist
Cvelist
added 2026/05/12 6:1 p.m.61 views

CVE-2026-42348 OpAMP client reads unbounded HTTP response bodies

OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed. This coul...

5.9CVSS0.00311EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 6:1 p.m.19 views

CVE-2026-42348

OpenTelemetry.OpAmp.Client (OpenTelemetry .NET) is affected before version 0.2.0-alpha.1. The HTTP transport reads HttpResponseMessage.Content into memory using ReadAsByteArrayAsync without a size cap, allowing an unbounded read of the entire response body. This can cause memory exhaustion in the...

7.5CVSS5.9AI score0.00311EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/05/12 9:19 a.m.15 views

Exposed Dangerous Method or Function

Overview org.webjars.npm:webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function in Server.js, when handling non-HTTPS responses. ...

6.5CVSS5.8AI score0.00427EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.4 views

PT-2026-31695

Name of the Vulnerable Software and Affected Versions V2Board versions 1.6.1 through 1.7.4 and Xboard versions through 0.1.9 Description V2Board and Xboard are affected by an issue where authentication tokens are exposed in the HTTP response bodies of the loginWithMailLink endpoint when the login...

9.1CVSS5.8AI score0.00584EPSS
Exploits1References16
Snyk
Snyk
added 2026/04/08 10:12 p.m.3 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the UploadTraces, UploadMetrics, and uploadLogs response-handling paths in exporters/otlp/otlptrace/otlptracehttp/client.go, exporters/otlp/otlpmetric/otlpmetrichttp/client.go, and...

8.2CVSS5.8AI score0.0019EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 2:4 p.m.3 views

OESA-2026-1742 mongo-c-driver security update

mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents. Security Fixes: A compromised third party cloud server or man-in-the-middle...

3.7CVSS5.9AI score0.00187EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/18 3:23 a.m.4 views

CVE-2026-4359

A flaw was found in mongo-c-driver. A compromised third-party cloud server or a man-in-the-middle MITM attacker could send a malformed HTTP response. This could cause applications using the MongoDB C driver to crash, leading to a Denial of Service...

5.9CVSS5.7AI score0.00187EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/11 6:23 p.m.2 views

CVE-2019-25478

GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make i...

8.7CVSS6.1AI score0.00492EPSS
Exploits0References3Affected Software1
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.160 views

📄 Router Fingerprint / Command Injection Scanner

This Python tool is designed to automatically identify the vendor of IoT routers through HTTP fingerprinting and attempt command-injection testing using vendor-specific payloads. The scanner analyzes HTTP headers and response bodies to detect device signatures from common manufacturers such as...

5.9AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/03 7:53 p.m.4 views

CVE-2025-13616

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system...

6.5CVSS5.9AI score0.00226EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.6 views

PT-2026-22795

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system...

6.5CVSS5.9AI score0.00226EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/02 3:16 p.m.2 views

CVE-2026-0689 XIQ‑SE NAC Admin Credential Exposure via HTTP Response

In ExtremeCloud IQ – Site Engine XIQ‑SE before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns th...

8.5CVSS6AI score0.00285EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/02 3:16 p.m.3 views

CVE-2026-0689

In ExtremeCloud IQ – Site Engine XIQ‑SE before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns th...

8.5CVSS6AI score0.00285EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/26 7:57 a.m.32 views

CVE-2026-1696 Missing security HTTP headers

Some HTTP security headers are not properly set by the web server when sending responses to the client application...

2.3CVSS0.00143EPSS
Exploits0References1
Rows per page
Query Builder