3711 matches found

Prion
added 2019/03/13 8:29 a.m. · 25 views

CRLF injection

An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command...

CVSS 4.3 · AI score 6.3 · EPSS 0.02346
Exploits: 1 · References: 8 · Affected Software: 5
CVE
added 2019/03/13 6:0 a.m. · 165 views

CVE-2019-9741

CVE-2019-9741 affects Go’s net/http in Go 1.11.5, enabling CRLF injection when an attacker controls a URL parameter. The issue arises from constructing an HTTP request with http.NewRequest where a CRLF sequence can precede a header or Redis command, allowing potential header injection and related...

CVSS 6.1 · AI score 6.3 · EPSS 0.02346
Exploits: 1 · References: 8 · Affected Software: 1
Cvelist
added 2019/03/13 6:0 a.m. · 28 views

CVE-2019-9741

An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command...

AI score 6.4 · EPSS 0.02346
Exploits: 1 · References: 8
Debian CVE
added 2019/03/13 6:0 a.m. · 35 views

CVE-2019-9741

Removed by vendor...

CVSS 6.1 · AI score 6.6 · EPSS 0.02346
Exploits: 1
NVD
added 2019/03/13 3:29 a.m. · 21 views

CVE-2019-9740

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

CVSS 6.1 · AI score 7.6 · EPSS 0.05372
Exploits: 1 · References: 29
EUVD
added 2019/03/13 3:0 a.m. · 2 views

EUVD-2019-19103

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

CVSS 6.1 · AI score 7.6 · EPSS 0.05372
Exploits: 1 · References: 38
Debian CVE
added 2019/03/13 3:0 a.m. · 30 views

CVE-2019-9740

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

CVSS 6.1 · AI score 7.9 · EPSS 0.05372
Exploits: 1
OSV
added 2019/03/13 3:0 a.m. · 45 views

PSF-2019-10 HTTP Header Injection (follow-up of CVE-2016-5699)

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

CVSS 6.1 · AI score 7.3 · EPSS 0.05372
Exploits: 1 · References: 1
UbuntuCve
added 2019/03/12 12:0 a.m. · 48 views

CVE-2019-9740

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

CVSS 6.1 · AI score 6.8 · EPSS 0.05372
Exploits: 1 · References: 5
Positive Technologies
added 2019/03/09 12:0 a.m. · 6 views

PT-2019-9645 · Netdata +4

Name of the Vulnerable Software and Affected Versions: Netdata version 1.10.0
Description: An issue exists in the software where HTTP Header Injection is possible via the filename parameter in the "api/v1/data" endpoint. This is due to the web_client_api_request_v1_data function in web/api/web_ap...

CVSS 9.1 · AI score 6.6 · EPSS 0.02172
Exploits: 8 · References: 59
Prion
added 2019/03/07 11:29 p.m. · 16 views

SQL injection

zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header...

CVSS 7.5 · AI score 9.7 · EPSS 0.01537
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2019/03/07 10:0 p.m. · 42 views

CVE-2018-17412

CVE-2018-17412 affects the ZZCMS package, specifically v8.3, with a SQL injection in /user/logincheck.php exploitable via the X-Forwarded-For HTTP header. The issue stems from unsafely incorporating header data into SQL queries, enabling an attacker to execute arbitrary SQL. CVSS data indicates h...

CVSS 9.8 · AI score 9.7 · EPSS 0.01537
Exploits: 1 · References: 1 · Affected Software: 1
NVD
added 2019/02/25 5:29 a.m. · 18 views

CVE-2019-9125

An issue was discovered on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a stack-based buffer overflow vulnerability that does not require authentication via the HNAP_AUTH HTTP header...

CVSS 9.8 · AI score 9.9 · EPSS 0.03004
Exploits: 1 · References: 2
CVE
added 2019/02/25 5:0 a.m. · 50 views

CVE-2019-9125

CVE-2019-9125 affects D-Link DIR-878 (firmware 1.12B01). The root cause is misuse of strncpy causing a stack-based buffer overflow that can be exploited remotely without authentication via HNAP_AUTH. Documentation consistently notes impact to confidentiality, integrity, and availability. Public d...

CVSS 9.8 · AI score 9.7 · EPSS 0.03004
Exploits: 1 · References: 2 · Affected Software: 1
OSV
added 2019/02/21 7:29 p.m. · 2 views

CVE-2019-8985

On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GE...

CVSS 9.8 · AI score 7.9 · EPSS 0.13296
Exploits: 1 · References: 1
NVD
added 2019/02/18 12:29 a.m. · 18 views

CVE-2019-8435

admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header...

CVSS 4.8 · AI score 4.9 · EPSS 0.00583
Exploits: 1 · References: 1
CNVD
added 2019/02/12 12:0 a.m. · 25 views

LIVE555 Buffer Overflow Vulnerability

LIVE555 is a set of open source C++ libraries for multimedia streaming. Live555 suffers from a buffer overflow vulnerability. The vulnerability stems from handleRequestBytes having an unrestricted memmove, which can be exploited to cause a denial of service via a large integer in the Content-Leng...

CVSS 7.5 · AI score 8.4 · EPSS 0.0158
Exploits: 1 · References: 1
NVD
added 2019/02/11 5:29 p.m. · 27 views

CVE-2019-7733

In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove...

CVSS 7.5 · AI score 7.9 · EPSS 0.0158
Exploits: 1 · References: 2
UbuntuCve
added 2019/02/11 5:29 p.m. · 39 views

CVE-2019-7733

In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove...

CVSS 7.5 · AI score 7.3 · EPSS 0.0158
Exploits: 1 · References: 2
Cvelist
added 2019/02/11 5:0 p.m. · 25 views

CVE-2019-7733

In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove...

AI score 8.8 · EPSS 0.0158
Exploits: 1 · References: 2