
103203 matches found

OSV
Added: 2026/03/27 10:30 p.m. | Views: 1

GHSA-QM2M-28PF-HGJW OpenClaw: Gateway Plugin HTTP Auth Grants Unrestricted operator.admin Runtime Scope to All Callers

Summary Gateway Plugin HTTP auth: "gateway" Mints operator.admin Runtime Scope Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Gateway-authenticated plugin...

CVSS: 8.6 | AI score: 5.9 | EPSS: 0.00298
Exploits: 0 | References: 3
Cvelist
Added: 2026/03/27 10:1 p.m. | Views: 20

CVE-2026-33981 Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters

changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the jq: and jqraw: include filter expressions allow use of the jq env builtin, which reads all process environment variables and stores them as the watch snapshot. An authenticated user or unauthenticated us...

CVSS: 8.3 | EPSS: 0.00475
Exploits: 1 | References: 3
CVE
Added: 2026/03/27 10:1 p.m. | Views: 19

CVE-2026-33981

Technical details for CVE-2026-33981 are not publicly available in the provided documents. No affected products, impact, or remediation are identifiable here. Monitor for updates.

CVSS: 8.3 | AI score: 5.9 | EPSS: 0.00475
Exploits: 1 | References: 3 | Affected Software: 1
OSV
Added: 2026/03/27 8:16 p.m. | Views: 5

DEBIAN-CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

CVSS: 7.5 | AI score: 8.4 | EPSS: 0.01125
Exploits: 0 | References: 1
NVD
Added: 2026/03/27 8:16 p.m. | Views: 4

CVE-2026-33870

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

CVSS: 7.5 | EPSS: 0.0064
Exploits: 1 | References: 22
NVD
Added: 2026/03/27 8:16 p.m. | Views: 3

CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

CVSS: 8.7 | EPSS: 0.01125
Exploits: 0 | References: 19
UbuntuCve
Added: 2026/03/27 8:16 p.m. | Views: 1

CVE-2026-33870

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.0064
Exploits: 1 | References: 5
UbuntuCve
Added: 2026/03/27 8:16 p.m. | Views: 3

CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

CVSS: 8.7 | AI score: 5.9 | EPSS: 0.01125
Exploits: 0 | References: 2
OSV
Added: 2026/03/27 8:16 p.m. | Views: 4

UBUNTU-CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

CVSS: 8.7 | AI score: 5.9 | EPSS: 0.01125
Exploits: 0 | References: 3
OSV
Added: 2026/03/27 8:16 p.m. | Views: 8

UBUNTU-CVE-2026-34475

Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00202
Exploits: 1 | References: 3
Cvelist
Added: 2026/03/27 7:55 p.m. | Views: 25

CVE-2026-33871 Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

CVSS: 8.7 | EPSS: 0.01125
Exploits: 0 | References: 1
Debian CVE
Added: 2026/03/27 7:55 p.m. | Views: 10

CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

CVSS: 8.7 | AI score: 8.4 | EPSS: 0.01125
Exploits: 0
ATTACKERKB
Added: 2026/03/27 7:55 p.m. | Views: 5

CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

CVSS: 8.7 | AI score: 5.9 | EPSS: 0.01125
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
Added: 2026/03/27 7:55 p.m. | Views: 3

EUVD-2026-16790

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

CVSS: 8.7 | AI score: 5.9 | EPSS: 0.01125
Exploits: 0 | References: 1
Debian CVE
Added: 2026/03/27 7:54 p.m. | Views: 8

CVE-2026-33870

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.0064
Exploits: 1
OSV
Added: 2026/03/27 7:54 p.m. | Views: 11

CVE-2026-33870 Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.0064
Exploits: 1 | References: 6
Vulnrichment
Added: 2026/03/27 7:40 p.m. | Views: 5

CVE-2026-34475

Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00202
Exploits: 1 | References: 1
Debian CVE
Added: 2026/03/27 7:40 p.m. | Views: 3

CVE-2026-34475

Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass...

CVSS: 9.8 | AI score: 5.3 | EPSS: 0.00202
Exploits: 1
Metasploit
Added: 2026/03/27 7:0 p.m. | Views: 152

Generic HTTP Command Execution

This module interacts with existing command execution functionality on a target system, where user-supplied input is directly passed to system execution functions via an HTTP request. This could be from an existing vulnerability, or uploaded webshells such as: It is likely that HTTP evasion option...

AI score: 5.6
Exploits: 0
Snyk
Added: 2026/03/27 6:31 p.m. | Views: 6

HTTP Request Smuggling

Overview io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to HTTP Request Smuggling via the proxy server. An attacker can gain unauthorized access or manipulate web requests by sending specially crafted header block...

CVSS: 9.1 | AI score: 5.3 | EPSS: 0.00706
Exploits: 0 | References: 2