Lucene search
K

872 matches found

RedHat Linux
RedHat Linux
added 2026/05/19 6:30 p.m.11 views

python: Python: HTTP header injection via CR/LF in proxy tunnel headers

A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...

5.7CVSS7.2AI score0.00562EPSS
Exploits0References8
OSV
OSV
added 2026/05/19 12:0 a.m.21 views

ALSA-2026:19019 Important: python3.14 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

9.1CVSS7.5AI score0.00621EPSS
Exploits0References20
OSV
OSV
added 2026/05/19 12:0 a.m.25 views

ALSA-2026:19064 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

9.1CVSS7.1AI score0.01279EPSS
Exploits1References26
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.15 views

RHEL 10 : python3.12 (RHSA-2026:19064)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19064 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

9.1CVSS7.2AI score0.01279EPSS
Exploits1References26
AlmaLinux
AlmaLinux
added 2026/05/19 12:0 a.m.30 views

Important: python3.14 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

9.1CVSS7.5AI score0.00621EPSS
Exploits0References20
CVE
CVE
added 2026/05/13 5:57 p.m.48 views

CVE-2026-42578

Netty CVE-2026-42578 affects HttpProxyHandler prior to 4.2.13.Final and 4.1.133.Final. The issue arises because HttpProxyHandler builds CONNECT requests with header validation disabled (newInitialMessage uses DefaultHttpHeadersFactory.headersFactory().withValidation(false) and then appends user-p...

7.5CVSS5.9AI score0.00667EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2026/05/11 9:30 a.m.13 views

CVE-2025-8154

CVE-2025-8154 describes an HTTP header injection vulnerability in the Webhook API invocations causing headers to be injected/overwritten in responses. Affected products include multiple WSO2 offerings (e.g., API Manager, Universal Gateway, Traffic Manager, API Control Plane, Carbon API Gateway/Ma...

7.5CVSS5.8AI score0.00186EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 9:30 a.m.9 views

CVE-2025-8154 HTTP Header Injection via Webhook API in Multiple WSO2 Products Allows Response Header Manipulation

In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses. By exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP...

5.3CVSS5.8AI score0.00186EPSS
Exploits0References1
OSV
OSV
added 2026/05/07 12:11 a.m.3 views

GHSA-45Q3-82M4-75JR Netty has HTTP Header Injection via HttpProxyHandler Disabled Validation (Incomplete Fix CVE-2025-67735)

Security Vulnerability Report: HTTP Header Injection via HttpProxyHandler Disabled Validation in Netty 1. Vulnerability Summary | Field | Value | |-------|-------| | Product | Netty | | Version | 4.2.12.Final and all prior versions | | Component | io.netty.handler.proxy.HttpProxyHandler | |...

6.3CVSS6.1AI score0.00667EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/04/27 3:6 p.m.10 views

python: Python: HTTP header injection via CR/LF in proxy tunnel headers

A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...

5.7CVSS5.3AI score0.00562EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/24 5:38 p.m.4 views

CVE-2026-42035

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prototype pollution gadget exists in the Axios HTTP adapter lib/adapters/http.js that allows an attacker to inject arbitrary HTTP headers into outgoing requests. The vulnerability exploits duck-type...

7.4CVSS5.7AI score0.00394EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.10 views

PT-2026-34624

Name of the Vulnerable Software and Affected Versions i18next-http-middleware versions prior to 3.9.3 Description The software writes user-controlled language values into the 'Content-Language' response header using an HTML-entity encoder that fails to strip carriage return, line feed, or other...

8.6CVSS5.8AI score0.00327EPSS
Exploits0References5
OSV
OSV
added 2026/04/15 12:7 p.m.10 views

RLSA-2026:7675 Important: nodejs24 security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

7.5CVSS6.7AI score0.26356EPSS
Exploits1References19
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.5 views

RockyLinux 10 : nodejs24 (RLSA-2026:7675)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7675 advisory. nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547...

9.8CVSS6.7AI score0.26356EPSS
Exploits1References37
Rockylinux
Rockylinux
added 2026/04/13 6:1 a.m.8 views

nodejs:24 security update

An update is available for nodejs, module.nodejs-packaging, nodejs-packaging, module.nodejs, nodejs-nodemon, module.nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS6.6AI score0.26356EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.4 views

RHEL 10 : nodejs24 (RHSA-2026:7675)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7675 advisory. Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an...

9.8CVSS6.7AI score0.26356EPSS
Exploits1References38
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.5 views

RHEL 8 : nodejs:24 (RHSA-2026:7670)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7670 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

9.8CVSS5.9AI score0.26356EPSS
Exploits1References37
Amazon
Amazon
added 2026/04/13 12:0 a.m.8 views

Important: python3.9

Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...

7CVSS5.8AI score0.00621EPSS
Exploits0
OSV
OSV
added 2026/04/13 12:0 a.m.8 views

ALSA-2026:7670 Important: nodejs:24 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs denial of service CVE-2026-21637 minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 undici:...

9.8CVSS5.8AI score0.26356EPSS
Exploits1References36
OSV
OSV
added 2026/04/13 12:0 a.m.5 views

ALSA-2026:7675 Important: nodejs24 security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

9.8CVSS5.8AI score0.26356EPSS
Exploits1References38
Rows per page
Query Builder