103207 matches found

Cvelist
added 2026/03/24 11:11 p.m. | 25 views

CVE-2026-4780 SourceCodester Sales and Inventory System HTTP GET Parameter update_out_standing.php sql injection

A vulnerability was detected in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the file update_out_standing.php of the component HTTP GET Parameter Handler. Performing a manipulation of the argument sid results in sql injection. The attack is possible to be carrie...

CVSS 6.5 | EPSS 0.00295
Exploits: 1 | References: 5
CVE
added 2026/03/24 11:11 p.m. | 8 views

CVE-2026-4780

CVE-2026-4780 affects SourceCodester Sales and Inventory System 1.0. The vulnerability is in the HTTP GET Parameter Handler of the file update_out_standing.php, where manipulating the sid argument enables a SQL injection. This can be carried out remotely, and public exploits exist. Multiple sourc...

CVSS 8.8 | AI score 6.4 | EPSS 0.00295
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2026/03/24 10:22 p.m. | 22 views

CVE-2026-4778 SourceCodester Sales and Inventory System HTTP GET Parameter update_category.php sql injection

A weakness has been identified in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file update_category.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is...

CVSS 6.5 | EPSS 0.00303
Exploits: 1 | References: 5
NVD
added 2026/03/24 9:16 p.m. | 6 views

CVE-2026-24158

NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service...

CVSS 7.5 | EPSS 0.00405
Exploits: 0 | References: 3
Vulnrichment
added 2026/03/24 8:26 p.m. | 5 views

CVE-2026-24158

NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service...

CVSS 7.5 | AI score 5.8 | EPSS 0.00405
Exploits: 0 | References: 3
Cvelist
added 2026/03/24 8:25 p.m. | 21 views

CVE-2025-33238

NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service...

CVSS 7.5 | EPSS 0.00323
Exploits: 0 | References: 3
Vulnrichment
added 2026/03/24 8:4 p.m. | 5 views

CVE-2026-21790 HCL Traveler is susceptible to a weak default HTTP header validation vulnerability

HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks...

CVSS 6.3 | AI score 5.8 | EPSS 0.0015
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/24 8:1 p.m. | 4 views

CVE-2026-32854

A flaw was found in LibVNCServer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by sending specially crafted HTTP requests. The flaw exists in the HTTP proxy handlers, where missing validation of certain return values can lead to a null pointer dereference, causing...

CVSS 7.5 | AI score 5.7 | EPSS 0.05322
Exploits: 1 | References: 6
Github Security Blog
added 2026/03/24 7:18 p.m. | 7 views

FileBrowser Quantum has Username Enumeration via Authentication Timing Side-Channel

Summary: The /api/auth/login authentication endpoint does not execute in constant time. When a non-existent username is supplied, the server returns a 401/403 response almost immediately. When a valid username is provided, the server performs a bcrypt password comparison, causing a measurable dela...

AI score 5.9
Exploits: 0 | References: 4 | Affected Software: 1
IBM Security Bulletins
added 2026/03/24 7:0 p.m. | 4 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in qs (parse modules) (CVE-2025-15284)

Summary: A vulnerability in qs parse modules that is used by InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2025-15284. DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS. This issue affects qs: 6.14.1. Summary: The arrayLimit option...

CVSS 6.3 | AI score 5.8 | EPSS 0.0041
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2026/03/24 6:23 p.m. | 4 views

Security Bulletin: IBM Security QRadar Log Management AQL Plugin is vulnerable to using components with known vulnerabilities

Summary: The product includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. IBM Security QRadar Log Management AQL Plugin has addressed the applicable CVEs in an update. Vulnerability Details: CVEID: CVE-2025-7783. DESCRIPTION: Use of...

CVSS 9.4 | AI score 7.1 | EPSS 0.01735
Exploits: 1 | Affected Software: 1
NVD
added 2026/03/24 6:16 p.m. | 9 views

CVE-2026-32854

LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit...

CVSS 7.5 | EPSS 0.05322
Exploits: 1 | References: 3
OSV
added 2026/03/24 6:16 p.m. | 4 views

DEBIAN-CVE-2026-32854

LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit...

CVSS 7.5 | AI score 5.4 | EPSS 0.05322
Exploits: 1 | References: 1
UbuntuCve
added 2026/03/24 6:16 p.m. | 0 views

CVE-2026-32854

LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit...

CVSS 7.5 | AI score 5.9 | EPSS 0.05322
Exploits: 1 | References: 4
OSV
added 2026/03/24 5:40 p.m. | 5 views

CVE-2026-33407 Wallos: SSRF via HTTP Proxy Environment Variable

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTP_PROXY and HTTPS_PROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied search...

CVSS 8.3 | AI score 5.9 | EPSS 0.00369
Exploits: 1 | References: 4
Cvelist
added 2026/03/24 5:31 p.m. | 22 views

CVE-2026-32854 LibVNCServer httpd proxy NULL Pointer Dereference

LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit...

CVSS 6.3 | EPSS 0.05322
Exploits: 1 | References: 3
EUVD
added 2026/03/24 3:30 p.m. | 3 views

EUVD-2026-14881

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...

CVSS 8.8 | AI score 6.1 | EPSS 0.21621
Exploits: 0 | References: 2
OSV
added 2026/03/24 3:16 p.m. | 3 views

DEBIAN-CVE-2026-27651

When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait...

CVSS 8.7 | AI score 5.4 | EPSS 0.00921
Exploits: 0 | References: 1
UbuntuCve
added 2026/03/24 3:16 p.m. | 6 views

CVE-2026-27654

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...

CVSS 8.8 | AI score 5.8 | EPSS 0.21621
Exploits: 0 | References: 3
IBM Security Bulletins
added 2026/03/24 2:18 p.m. | 7 views

Security Bulletin: IBM Datapower Operations Dashboard could allow HTTP Parameter Pollution CVE-2025-7783

Summary: form-data is used by the IBM Datapower Operations Dashboard for their streaming implementation. Vulnerability Details: CVEID: CVE-2025-7783. DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with...

CVSS 9.4 | AI score 7.1 | EPSS 0.01735
Exploits: 1 | Affected Software: 1