Lucene search
K

103204 matches found

OSV
OSV
added 2026/03/25 7:53 p.m.3 views

GHSA-WXJX-R2J2-96FX AVideo: Full-Read SSRF Through Unvalidated statsURL Parameter in plugin/Live/test.php

Summary The plugin/Live/test.php endpoint accepts a URL via the statsURL parameter and fetches it server-side using filegetcontents, curlexec, or wget, returning the full response content in the HTML output. The only validation is a trivial regex /^http/ that does not block requests to...

4.9CVSS5.8AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/25 7:30 p.m.6 views

WeChat Pay callback signature verification bypassed when Host header is localhost

Summary The verifywechatsign function in src/Functions.php unconditionally skips all signature verification when the PSR-7 request reports localhost as the host. An attacker can exploit this by sending a crafted HTTP request to the WeChat Pay callback endpoint with a Host: localhost header,...

8.6CVSS5.9AI score0.00503EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/03/25 6:31 p.m.3 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to the lack of rate limiting in the login process. An attacker can exhaust server resources by sending a large number of parallel login requests via a single HTTP/2 packet, potentially causing the server to cra...

6.5CVSS6AI score0.00305EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.4 views

EUVD-2026-15756

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service server crash and restart via HTTP/2 single packet attack with 100+ parallel login requests...

4.3CVSS5.8AI score0.00305EPSS
Exploits0References2
OSV
OSV
added 2026/03/25 6:31 p.m.3 views

GHSA-247X-7QW8-FP98 Mattermost doesn't rate limit login requests, allowing DoS

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service server crash and restart via HTTP/2 single packet attack with 100+ parallel login requests...

4.3CVSS5.9AI score0.00305EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/25 6:31 p.m.5 views

Mattermost doesn't rate limit login requests, allowing DoS

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service server crash and restart via HTTP/2 single packet attack with 100+ parallel login requests...

6.5CVSS5.9AI score0.00305EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/03/25 6:16 p.m.3 views

CVE-2026-33663

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth,...

8.5CVSS0.00392EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/25 5:41 p.m.6 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to HTTP header injection (CVE-2025-14807)

Summary A HTTP header injection vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-14807 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This coul...

6.5CVSS5.7AI score0.00221EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 5:32 p.m.9 views

@grackle-ai/server has a Missing Secure Flag on Session Cookie

Impact The session cookie is set with HttpOnly; SameSite=Lax; Path=/ but does not include the Secure flag. This means the cookie will be sent over plain HTTP connections. Since the server binds to 127.0.0.1 by default and uses HTTP not HTTPS, this is acceptable for localhost use. However, when...

5.8AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/25 5:32 p.m.3 views

GHSA-3MJM-X6GW-2X42 @grackle-ai/server has Missing Content-Security-Policy and X-Frame-Options Headers

Impact The HTTP server does not set Content-Security-Policy, X-Frame-Options, or X-Content-Type-Options headers on any response. This reduces defense-in-depth against XSS, clickjacking, and MIME-sniffing attacks. While the current XSS attack surface is small React-markdown is configured safely, n...

5.3CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/03/25 5:16 p.m.10 views

CVE-2026-26233

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service server crash and restart via HTTP/2 single packet attack with 100+ parallel login requests...

6.5CVSS0.00305EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 5:11 p.m.16 views

CVE-2026-33663

Summary: CVE-2026-33663 affects n8n Community Edition. Before versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in the credential pipeline to steal plaintext secrets from generic HTTP credentials (httpBasicAuth, http...

8.5CVSS6AI score0.00392EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/25 5:11 p.m.5 views

CVE-2026-33663 n8n Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth,...

8.5CVSS6AI score0.00392EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/25 4:53 p.m.2 views

SUSE CVE-2026-32854

LibVNCServer versions 0.9.15 and prior fixed in commit dc78dee contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit...

7.5CVSS5.9AI score0.05322EPSS
Exploits1References7
Cisco
Cisco
added 2026/03/25 4:0 p.m.25 views

Cisco IOS Software and IOS XE Software Release 3E HTTP Server Denial of Service Vulnerability

A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. This vulnerability is due to improper validation ...

7.7CVSS5.9AI score0.0028EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/25 3:18 p.m.2 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in Node.js HTTP request handling. The flaw triggers when an incoming request includes a header named proto and the server application accesses req.headersDistinct. This causes dest"proto" to incorrectly resolve to...

8.7CVSS5.9AI score0.26356EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 2:16 p.m.4 views

CVE-2024-51348

A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmware 33.1.0.0818 allows unauthenticated attackers within network range to overwrite the instruction pointer and achieve Remote Code Execution RCE by sending a specially crafted HTTP request...

8.8CVSS0.00408EPSS
Exploits1References2
SUSE Linux
SUSE Linux
added 2026/03/25 10:17 a.m.3 views

Security update for salt

This update for salt fixes the following issues: Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header parameter parsing algorithm bsc1254904...

8.7CVSS5.8AI score0.01525EPSS
Exploits0References24
SUSE Linux
SUSE Linux
added 2026/03/25 10:17 a.m.7 views

Security update for salt

This update for salt fixes the following issues: Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header parameter parsing algorithm bsc1254904...

8.7CVSS5.8AI score0.01525EPSS
Exploits0References22
SUSE Linux
SUSE Linux
added 2026/03/25 10:16 a.m.5 views

Security update for salt

This update for salt fixes the following issues: Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header parameter parsing algorithm bsc1254904...

8.7CVSS5.8AI score0.01525EPSS
Exploits0References24
Rows per page
Query Builder