
103202 matches found

IBM Security Bulletins
added 2026/03/24 2:18 p.m. | 7 views

Security Bulletin: IBM Datapower Operations Dashboard could allow HTTP Parameter Pollution CVE-2025-7783

Summary: form-data is used by the IBM Datapower Operations Dashboard for their streaming implementation. Vulnerability Details: CVEID: CVE-2025-7783. DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with...

CVSS 9.4 | AI score 7.1 | EPSS 0.01735
Exploits: 1 | Affected Software: 1
ATTACKERKB
added 2026/03/24 2:13 p.m. | 26 views

CVE-2026-27651

When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait...

CVSS 8.7 | AI score 5.8 | EPSS 0.00921
Exploits: 0 | References: 2 | Affected Software: 1
Nginx
added 2026/03/24 2:13 p.m. | 727 views

Buffer overflow in ngx_http_dav_module

Buffer overflow in ngx_http_dav_module. Severity: medium. CVE-2026-27654. Not vulnerable: 1.29.7+, 1.28.3+. Vulnerable: 0.5.13-1.29.6...

CVSS 8.8 | AI score 5.8 | EPSS 0.21621
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2026/03/24 1:16 p.m. | 3 views

CVE-2026-4700

Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

CVSS 9.8 | EPSS 0.00459
Exploits: 0 | References: 33
OSV
added 2026/03/24 12:31 p.m. | 4 views

SUSE-SU-2026:20925-1 Security update for nghttp2

This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845)...

CVSS 7.5 | AI score 5.9 | EPSS 0.00775
Exploits: 0 | References: 3
CVE
added 2026/03/24 12:30 p.m. | 20 views

CVE-2026-4700

CVE-2026-4700 affects Firefox and Thunderbird; mitigation bypass in the Networking: HTTP component was fixed in Firefox 149 / ESR 140.9 and Thunderbird 149 / 140.9. The CVSS 3.1 score is 9.8 (CRITICAL) with NETWORK attack vector and no user interaction. Remediation per provided docs: upgrade to F...

CVSS 9.8 | AI score 7.2 | EPSS 0.00459
Exploits: 0 | References: 33 | Affected Software: 1
Debian CVE
added 2026/03/24 12:30 p.m. | 2 views

CVE-2026-4700

Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

CVSS 9.8 | AI score 7.9 | EPSS 0.00459
Exploits: 0
ATTACKERKB
added 2026/03/24 12:30 p.m. | 7 views

CVE-2026-4700

Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

CVSS 9.8 | AI score 5.8 | EPSS 0.00459
Exploits: 0 | References: 6
Vulnrichment
added 2026/03/24 12:30 p.m. | 4 views

CVE-2026-4700 Mitigation bypass in the Networking: HTTP component

Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

AI score 7.2 | EPSS 0.00459
Exploits: 0 | References: 5
Cvelist
added 2026/03/24 12:30 p.m. | 17 views

CVE-2026-4700 Mitigation bypass in the Networking: HTTP component

Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

EPSS 0.00459
Exploits: 0 | References: 5
RedhatCVE
added 2026/03/24 11:28 a.m. | 3 views

CVE-2026-33307

A flaw was found in mod_gnutls, a TLS module for Apache HTTPD. A remote attacker could exploit this vulnerability by sending a specially crafted client certificate chain to a server configured to use client certificates. This could lead to a buffer overflow due to the module not properly checking...

CVSS 7.5 | AI score 6.1 | EPSS 0.00342
Exploits: 0 | References: 2
OSV
added 2026/03/24 10:21 a.m. | 43 views

BIT-TOMCAT-2023-28708 Apache Tomcat: JSESSIONID Cookie missing secure attribute in some configurations

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 10.1.0 to 10.1.5, 9.0.0 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the...

CVSS 4.3 | AI score 6.7 | EPSS 0.01831
Exploits: 0 | References: 3
EUVD
added 2026/03/24 6:31 a.m. | 4 views

EUVD-2026-14701

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in visualfc liteide (liteidex/src/3rdparty/qjsonrpc/src/http-parser modules). This vulnerability is associated with program files http_parser.C. This issue affects liteide: before x38.4...

CVSS 6.3 | AI score 5.8 | EPSS 0.00207
Exploits: 0 | References: 2
RedHat Linux
added 2026/03/24 4:2 a.m. | 3 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

CVSS 7.5 | AI score 7 | EPSS 0.01945
Exploits: 0 | References: 8
ATTACKERKB
added 2026/03/24 3:24 a.m. | 2 views

CVE-2026-4742

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in visualfc liteide (liteidex/src/3rdparty/qjsonrpc/src/http-parser modules). This vulnerability is associated with program files http_parser.C. This issue affects liteide: before x38.4...

CVSS 6.3 | AI score 5.8 | EPSS 0.00207
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/24 3:24 a.m. | 6 views

CVE-2026-4742 HTTP Request Smuggling in visualfc/liteide

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in visualfc liteide (liteidex/src/3rdparty/qjsonrpc/src/http-parser modules). This vulnerability is associated with program files http_parser.C. This issue affects liteide: before x38.4...

CVSS 6.3 | AI score 5.8 | EPSS 0.00207
Exploits: 0 | References: 1
CVE
added 2026/03/24 3:24 a.m. | 19 views

CVE-2026-4742

Concretely, CVE-2026-4742 affects visualfc/liteide prior to x38.4, with the vulnerability located in http_parser.C within liteidex/src/3rdparty/qjsonrpc/src/http-parser modules. The issue is described as an inconsistent interpretation of HTTP requests that enables HTTP Request/Response Smuggling....

CVSS 6.3 | AI score 5.8 | EPSS 0.00207
Exploits: 0 | References: 1
Cvelist
added 2026/03/24 3:24 a.m. | 26 views

CVE-2026-4742 HTTP Request Smuggling in visualfc/liteide

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in visualfc liteide (liteidex/src/3rdparty/qjsonrpc/src/http-parser modules). This vulnerability is associated with program files http_parser.C. This issue affects liteide: before x38.4...

CVSS 6.3 | EPSS 0.00207
Exploits: 0 | References: 1
OSV
added 2026/03/24 2:16 a.m. | 6 views

UBUNTU-CVE-2026-33307

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutls_x509_crt_t x509 array without checking the number of certificates is less than or...

CVSS 7.5 | AI score 6 | EPSS 0.00342
Exploits: 0 | References: 4
OSV
added 2026/03/24 1:34 a.m. | 3 views

CVE-2026-33307 mod_gnutils has stack-based buffer overflow caused by a long client certificate chain

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutls_x509_crt_t x509 array without checking the number of certificates is less than or...

CVSS 7.5 | AI score 5.9 | EPSS 0.00342
Exploits: 0 | References: 4