Lucene search
K

274 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : squid-5.5-5.el9.1 (AXSA:2023-6560:03)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6560:03 advisory. SQUID-2023:3 squid: Denial of Service in HTTP Digest Authentication CVE-2023-46847 SQUID-2023:1 squid: Request/Response smuggling in HTTP/1.1 and IC...

9.3CVSS5.6AI score0.85944EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 7 : rh-ruby27-ruby-2.7.3-129.el7 (AXSA:2021-1769:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1769:01 advisory. ruby: Potential HTTP request smuggling in WEBrick CVE-2020-25613 ruby: XML round-trip vulnerability in REXML CVE-2021-28965 Tenable has extracted th...

7.5CVSS7.4AI score0.05061EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : nodejs-nodemon-2.0.20-2.el9, nodejs-16.18.1-3.el9 (AXSA:2023-5057:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5057:01 advisory. minimist: prototype pollution CVE-2021-44906 nodejs-minimatch: ReDoS via the braceExpand function CVE-2022-3517 nodejs: HTTP Request Smuggling due t...

9.8CVSS6.8AI score0.14024EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.9 views

MiracleLinux 9 : nodejs-nodemon-2.0.19-1.el9, nodejs-16.16.0-1.el9 (AXSA:2022-4073:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4073:01 advisory. nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788 nodejs-glob-parent: Regular expression denial of service CVE-2020-28469...

9.8CVSS7.4AI score0.77766EPSS
Exploits6References11
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.5 views

MiracleLinux 8 : grafana-9.2.10-25.el8_10 (AXSA:2025-10021:06)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10021:06 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...

9.1CVSS7.1AI score0.00724EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.2 views

MiracleLinux 9 : grafana-pcp-5.1.1-11.el9_6 (AXSA:2025-10537:03)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10537:03 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...

9.1CVSS7.2AI score0.00724EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.8 views

PT-2026-23085

Name of the Vulnerable Software and Affected Versions libsoup versions 2.4.1-2.74.3 through 2.4.1-2.74.3-17.1 libsoup versions 3.0.0-3.6.6 through 3.0.0-3.6.6-1.1 Description The libsoup library contains flaws related to HTTP/1 request smuggling. Specifically, the soup headers parse function...

5.3CVSS5.7AI score0.00423EPSS
Exploits1References77
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/30 5:57 p.m.8 views

Security Bulletin: IBM Storage Ceph is vulnerable to HTTP Request/Response Smuggling in Grafana (CVE-2025-22871)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Golang via Grafana. CVE-2025-22871 Vulnerability Details CVEID:CVE-2025-22871 DESCRIPTION: The net/http package improperly accepts a bare LF as a line...

9.1CVSS6.6AI score0.00724EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.4 views

PT-2025-52508

Name of the Vulnerable Software and Affected Versions Quest Coexistence Manager for Notes version 3.8.2045 Description An inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' exists in Quest Coexistence Manager for Notes Free/Busy Connector modules. This allows HTTP...

6.3CVSS6.5AI score0.00392EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2025/12/18 9:27 a.m.187 views

HTTP-Smuggling

HTTP-Smuggling simpel Practical lab for learning HTTP Request...

7.2AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 10:21 a.m.7 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to HTTP Request Smuggling (HRS) due to gunicorn

Summary gunicorn is used by IBM watsonx Orchestrate Developer Edition as part of wxo-rag-tool image Vulnerability Details CVEID:CVE-2024-6827 DESCRIPTION: Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads ...

7.5CVSS6.3AI score0.00738EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.8 views

EulerOS 2.0 SP13 : golang (EulerOS-SA-2025-2500)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a...

9.1CVSS7AI score0.00724EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2025/12/09 3:41 p.m.4 views

Low: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.4

Red Hat OpenShift Service Mesh 3.1.4 Red Hat OpenShift Service Mesh 3.1.4, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application. Fixes/Improvements: Updated to Istio version...

7.5CVSS6.7AI score0.00297EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/12/09 3:8 p.m.4 views

Low: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.0.7

Red Hat OpenShift Service Mesh 3.0.7 Red Hat OpenShift Service Mesh 3.0.7, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application. Security Fixes: istio-proxyv2-rhel9: AIOHTTP is...

7.5CVSS6.7AI score0.00297EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/08 11:2 p.m.6 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to request smuggling due to the Netty package (CVE-2025-58056)

Summary Netty is used by DataStage on Cloud Pak for Data as part of the event processing functionality. Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and...

7.5CVSS6.6AI score0.00631EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/04 12:0 a.m.4 views

macOS 15.x < 15.7.2 Multiple Vulnerabilities (125635)

The remote host is running a version of macOS / Mac OS X that is 15.x prior to 15.7.2. It is, therefore, affected by multiple vulnerabilities: - A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe...

9.8CVSS7AI score0.01429EPSS
Exploits4References62
Tenable Nessus
Tenable Nessus
added 2025/11/04 12:0 a.m.6 views

Tenable Identity Exposure < 3.77.14 Multiple Vulnerabilities (TNS-2025-23)

The version of Tenable Identity Exposure formerly Tenable.ad installed on the remote host is prior to 3.77.14. It therefore contains vulnerable versions of third-party components .NET, SQL Server, and curl. Tenable has upgraded these components to address the potential impact of the issues,...

9.9CVSS8.3AI score0.66258EPSS
Exploits6References9
Tenable Nessus
Tenable Nessus
added 2025/10/28 12:0 a.m.5 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Ruby vulnerabilities (USN-7840-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7840-1 advisory. It was discovered that the REXML module bunded into Ruby incorrectly handled parsing XML documents with repeated instances of...

7.5CVSS6.8AI score0.02064EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-55315

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inconsistent interpretation of http requests 'http request/response smuggling' in ASP.NET Core allows an authorized attacker to bypass a security feature over a...

9.9CVSS7.3AI score0.66258EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
added 2025/10/23 12:0 a.m.13 views

Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2025-1230)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1230 advisory. Improper link resolution before file access 'link following' in .NET allows an authorized attacker to elevate privileges locally. CVE-2025-55247 Inadequate encryption strength in .NET, .NET...

9.9CVSS8.7AI score0.66258EPSS
Exploits5References8
Rows per page
Query Builder