Lucene search
K

103201 matches found

RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.4 views

CVE-2025-41359

Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files x86\shttpsmg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a higher priority...

8.5CVSS6.1AI score0.00155EPSS
Exploits0References1
NVD
NVD
added 2026/03/27 3:16 p.m.6 views

CVE-2026-33433

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.3, when headerField is configured with a non-canonical HTTP header name e.g., x-auth-user instead of X-Auth-User, an authenticated attacker can inject their own canonical version of that header to...

8.8CVSS0.00469EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/03/27 2:31 p.m.3 views

CVE-2026-33766 AVideo has SSRF Protection Bypass via HTTP Redirect in Image Download Endpoints

WWBN AVideo is an open source video platform. In versions up to and including 26.0, isSSRFSafeURL validates URLs against private/reserved IP ranges before fetching, but urlgetcontents follows HTTP redirects without re-validating the redirect target. An attacker can bypass SSRF protection by...

5.3CVSS5.9AI score0.00233EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/27 2:26 p.m.9 views

CVE-2021-27113

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters...

10CVSS7.4AI score0.03459EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/27 2:26 p.m.6 views

CVE-2021-27209

In the management interface on TP-Link Archer C5v 1.7181221 devices, credentials are sent in a base64 format over cleartext HTTP...

7.1CVSS7AI score0.0023EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/27 2:24 p.m.40 views

CVE-2021-27715

An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP request...

9.8CVSS8.1AI score0.01056EPSS
Exploits0References1
OSV
OSV
added 2026/03/27 2:4 p.m.5 views

OESA-2026-1747 mongo-c-driver security update

mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents. Security Fixes: A compromised third party cloud server or man-in-the-middle...

3.7CVSS5.9AI score0.00187EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 2:4 p.m.2 views

OESA-2026-1742 mongo-c-driver security update

mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents. Security Fixes: A compromised third party cloud server or man-in-the-middle...

3.7CVSS5.9AI score0.00187EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/03/27 11:34 a.m.4 views

Security update for python311

This update for python311 fixes the following issues: Update to python 3.11.15: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...

8.7CVSS7AI score0.01525EPSS
Exploits0References40
OSV
OSV
added 2026/03/27 9:16 a.m.2 views

ALPINE-CVE-2026-27856

Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm http service port,...

5.9CVSS5.9AI score0.00392EPSS
Exploits1References1
NVD
NVD
added 2026/03/27 9:16 a.m.3 views

CVE-2026-27856

Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm http service port,...

7.4CVSS0.00392EPSS
Exploits1References5
OSV
OSV
added 2026/03/27 9:4 a.m.6 views

SUSE-SU-2026:1107-1 Security update for python312

This update for python312 fixes the following issues: Update to Python 3.12.13: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...

7.5CVSS7AI score0.01525EPSS
Exploits0References21
CVE
CVE
added 2026/03/27 5:53 a.m.7 views

CVE-2024-14028

CVE-2024-14028 describes a use-after-free vulnerability in Softing smartLink HW-DP and HW-PN webservers that can lead to HTTP DoS. Affected products are smartLink HW-DP up to version 1.31 and HW-PN up to version 1.02. The issue is triggered by a use-after-free in the webserver’s handling of HTTP ...

6.5CVSS5.8AI score0.0021EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/03/27 12:46 a.m.5 views

CVE-2026-33745

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary hosts when following cross-origin HTTP redirects 301/302/307/308. A malicious or...

7.4CVSS5.5AI score0.00262EPSS
Exploits1
Amazon
Amazon
added 2026/03/27 12:0 a.m.8 views

Medium: amazon-cloudwatch-agent

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

10CVSS7.1AI score0.01945EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.2 views

SUSE SLES12: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2026:1058-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1058-1 advisory. Update to Tomcat 9.0.115: - CVE-2025-48989: HTTP/2 protocol including DNS over HTTPS is vulnerable to 'MadeYouReset' DoS attack bsc1243895. -...

10CVSS7.1AI score0.99999EPSS
Exploits107References94
RedhatCVE
RedhatCVE
added 2026/03/26 11:3 p.m.6 views

CVE-2025-14808

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...

3.1CVSS5.8AI score0.00225EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 10:16 p.m.7 views

CVE-2026-33658

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate C...

6.5CVSS0.00434EPSS
Exploits0References5
OSV
OSV
added 2026/03/26 10:16 p.m.2 views

DEBIAN-CVE-2026-33658

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate C...

6.5CVSS5.3AI score0.00434EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/26 10:16 p.m.4 views

CVE-2026-33658

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate C...

6.5CVSS5.9AI score0.00434EPSS
Exploits0References6
Rows per page
Query Builder