Lucene search
K

103203 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:15 p.m.4 views

CVE-2026-4742

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in visualfc liteide liteidex/src/3rdparty/qjsonrpc/src/http-parser modules. This vulnerability is associated with program files httpparser.C. This issue affects liteide: before x38.4...

6.3CVSS5.8AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:14 p.m.3 views

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

8.8CVSS6.2AI score0.00453EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:14 p.m.8 views

CVE-2026-26829

A NULL pointer dereference in the safeatou64 function src/misc.c of owntone-server through commit c4d57aa allows attackers to cause a Denial of Service DoS via sending a series of crafted HTTP requests to the server...

7.5CVSS5.8AI score0.00882EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.3 views

CVE-2026-25689

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions,...

6.5CVSS5.8AI score0.00535EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.4 views

CVE-2026-32031

OpenClaw versions prior to 2026.2.26 server-http contains an authentication bypass vulnerability in gateway authentication for plugin channel endpoints due to path canonicalization mismatch between the gateway guard and plugin handler routing. Attackers can bypass authentication by sending reques...

6.5CVSS5.8AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.5 views

CVE-2026-24097

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 EOL allows authenticated users to enumerate existing hosts by observing different HTTP response codes in agent-receiver/registerexisting endpoint, which could lead to information disclosure...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.5 views

CVE-2026-26311

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, a logic vulnerability in Envoy's HTTP connection manager FilterManager that allows for Zombie Stream Filter Execution. This issue creates a "Use-After-Free" UAF or state-corruption window where...

5.9CVSS5.8AI score0.00337EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.4 views

CVE-2026-3974

A vulnerability was identified in Tenda W3 1.0.0.32204. This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be performed from remote. Th...

9CVSS7.9AI score0.00632EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.3 views

CVE-2026-23941

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

7CVSS5.8AI score0.00528EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.4 views

CVE-2026-32617

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, On default installations where no password or API key has been configured, all HTTP endpoints and the agent WebSocket lack authentication, and the...

7.5CVSS5.7AI score0.0041EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.4 views

CVE-2026-32110

SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and...

8.3CVSS5.9AI score0.00278EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.4 views

CVE-2026-32045

OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes, allowing bypass of token and password requirements. Attackers on trusted networks can exploit this misconfiguration to access HTTP gateway routes without proper authentication...

9.1CVSS5.8AI score0.00401EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.4 views

CVE-2026-33010

mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled MCPHTTPENABLED=true, the application configures FastAPI's CORSMiddleware with alloworigins='', allowcredentials=True, allowmethods="", and allowheaders="". The...

8.1CVSS5.7AI score0.00387EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.4 views

CVE-2026-31829

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including...

8.8CVSS7.1AI score0.023EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:58 p.m.6 views

CVE-2026-22322

A stored cross‑site scripting XSS vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’...

7.1CVSS5.8AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:57 p.m.5 views

CVE-2026-22209

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin access can inject payloads like alert1...

5.5CVSS5.6AI score0.00222EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:56 p.m.4 views

CVE-2019-25478

GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make i...

8.7CVSS6.1AI score0.00492EPSS
Exploits0References1
CVE
CVE
added 2026/03/26 12:59 p.m.12 views

CVE-2025-55271

CVE-2025-55271 affects HCL Aftermarket DPC via HTTP Response Splitting vulnerability. The available connected documents describe that an attacker may be able to execute arbitrary commands or inject harmful content depending on how the web application handles split responses. The PT-2026-28296 ent...

8.8CVSS6.1AI score0.00318EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/26 12:30 p.m.3 views

EUVD-2025-209046

Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files x86\shttpsmg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a higher priority...

8.7CVSS6.1AI score0.00613EPSS
Exploits0References2
CVE
CVE
added 2026/03/26 12:20 p.m.6 views

CVE-2025-41359

The CVE-2025-41359 vulnerability affects Small HTTP Server 3.06.36, due to an unquoted service path for the executable at C:\Program Files (x86)\shttps_mg\http.exe. This misconfiguration enables a local attacker to place a higher-priority malicious executable with the same name, causing the servi...

8.5CVSS6.1AI score0.00155EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder