
103206 matches found

CVE
added 2026/03/24 3:24 a.m., 19 views

CVE-2026-4742

Concretely, CVE-2026-4742 affects visualfc/liteide prior to x38.4, with the vulnerability located in http_parser.C within liteidex/src/3rdparty/qjsonrpc/src/http-parser modules. The issue is described as an inconsistent interpretation of HTTP requests that enables HTTP Request/Response Smuggling....

6.3 CVSS, 5.8 AI score, 0.00207 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/03/24 3:24 a.m., 26 views

CVE-2026-4742 HTTP Request Smuggling in visualfc/liteide

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in visualfc liteide (liteidex/src/3rdparty/qjsonrpc/src/http-parser modules). This vulnerability is associated with program files http_parser.C. This issue affects liteide: before x38.4...

6.3 CVSS, 0.00207 EPSS
Exploits: 0, References: 1
OSV
added 2026/03/24 2:16 a.m., 6 views

UBUNTU-CVE-2026-33307

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutls_x509_crt_t x509 array without checking the number of certificates is less than or...

7.5 CVSS, 6 AI score, 0.00342 EPSS
Exploits: 0, References: 4
OSV
added 2026/03/24 1:34 a.m., 3 views

CVE-2026-33307 mod_gnutls has stack-based buffer overflow caused by a long client certificate chain

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutls_x509_crt_t x509 array without checking the number of certificates is less than or...

7.5 CVSS, 5.9 AI score, 0.00342 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2026/03/24 12:00 a.m., 5 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.3.1.6)

The version of AOS installed on the remote host is prior to 7.3.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.3.1.6 advisory. - The email module, specifically the BytesGenerator class, didn't properly quote newlines for email headers when serializing ...

7.5 CVSS, 7 AI score, 0.63258 EPSS
Exploits: 1, References: 6
Positive Technologies
added 2026/03/24 12:00 a.m., 5 views

PT-2026-27302

Name of the Vulnerable Software and Affected Versions: Mod_gnutls versions prior to 0.12.3; Mod_gnutls versions prior to 0.13.0. Description: Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. The software contains an issue where code for client certificate verification imports the...

7.5 CVSS, 5.9 AI score, 0.00342 EPSS
Exploits: 0, References: 4
CNNVD
added 2026/03/24 12:00 a.m., 10 views

LiteIDE Security Vulnerability

LiteIDE X is a Go language code development tool developed by Seven Leaf individuals. Previous versions of LiteIDE X, such as 38.4, contained security vulnerabilities. These vulnerabilities were caused by inconsistent interpretation of HTTP requests, which could lead to issues with the http...

6.3 CVSS, 5.9 AI score, 0.00207 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/03/24 12:00 a.m., 6 views

PT-2026-27371

X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers can inject shellcode into memory and use an egg hunter technique to locate and execute the payload...

8.6 CVSS, 6.5 AI score, 0.00183 EPSS
Exploits: 0, References: 4
CNNVD
added 2026/03/24 12:00 a.m., 7 views

LibVNCServer Code Issue Vulnerability

LibVNCServer is a cross-platform C language library that enables the implementation of VNC (Virtual Network Computing) server or client functions in programs. Versions of LibVNCServer prior to 0.9.15 have code vulnerabilities due to a null pointer dereferencing issue in the HTTP proxy handler, whic...

7.5 CVSS, 5.9 AI score, 0.05322 EPSS
Exploits: 1, References: 4
Positive Technologies
added 2026/03/24 12:00 a.m., 11 views

PT-2026-27319

Name of the Vulnerable Software and Affected Versions: visualfc liteide versions prior to x38.4. Description: An inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') exists in visualfc liteide within the http_parser.C program files and the...

6.3 CVSS, 5.8 AI score, 0.00207 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2026/03/24 12:00 a.m., 9 views

Oracle Linux 8 : nginx:1.24 (ELSA-2026-5581)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-5581 advisory. - Resolves: RHEL-146517 - nginx:1.24/nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 - Resolves: RHEL-12728 -...

8.2 CVSS, 7 AI score, 0.99999 EPSS
Exploits: 29, References: 2
FreeBSD
added 2026/03/24 12:00 a.m., 7 views

Mozilla -- Multiple vulnerabilities

CVE-2026-4688: Sandbox escape due to use-after-free in Disability Access APIs. CVE-2026-4695: Incorrect boundary conditions in the Audio/Video: Web Codecs component. CVE-2026-4697: Incorrect boundary conditions in the Audio/Video: Web Codecs component. CVE-2026-4700: Mitigation bypass in the...

10 CVSS, 7.3 AI score, 0.00687 EPSS
Exploits: 0
NVD
added 2026/03/23 10:16 p.m., 4 views

CVE-2025-60949

Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha...

9.3 CVSS, 0.00405 EPSS
Exploits: 0, References: 4
OSV
added 2026/03/23 6:14 p.m., 6 views

GO-2026-4773 Cross-Site Tool Execution for HTTP Servers without Authorization in github.com/modelcontextprotocol/go-sdk

Cross-Site Tool Execution for HTTP Servers without Authorization in github.com/modelcontextprotocol/go-sdk...

7.1 CVSS, 5.8 AI score, 0.00178 EPSS
Exploits: 0, References: 2
Github Security Blog
added 2026/03/23 3:30 p.m., 4 views

HybridAuth Has Improper SSL Certificate Validation in Curl HTTP Client

A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curlOptions results in improper certificate validation. The attack can be launched remotely. This...

6.3 CVSS, 5.5 AI score, 0.00181 EPSS
Exploits: 0, References: 6, Affected Software: 1
Hacker One
added 2026/03/23 2:38 p.m., 13 views

curl: HTTP/1.1 Response Desynchronization via conflicting CL/TE headers in Proxy CONNECT

Summary: curl fails to prioritize the Transfer-Encoding: chunked header over Content-Length in HTTP/1.1 proxy responses specifically 407/401 auth challenges, violating RFC 9112 Section 6.1. I have identified the root cause in cf-h1-proxy.c. In the response-handling loop around line 466, the code...

5.9 AI score
Exploits: 0
RedhatCVE
added 2026/03/23 10:53 a.m., 9 views

CVE-2026-33186

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

9.1 CVSS, 5.8 AI score, 0.01557 EPSS
Exploits: 1, References: 4
OSV
added 2026/03/23 10:03 a.m., 4 views

CLSA-2026-1774260216 Fix CVE(s): CVE-2026-1965, CVE-2026-3783, CVE-2026-3784

SECURITY UPDATE: reuse of connections using HTTP Negotiate - debian/patches/CVE-2026-1965.patch: fix reuse of connections using HTTP Negotiate and fix copy and paste urlmatchauthnego mistake. - CVE-2026-1965 Bearer token sent without checking auth is allowed - debian/patches/CVE-2026-3783.patch:...

6.5 CVSS, 5.8 AI score, 0.00333 EPSS
Exploits: 2, References: 1
RedHat Linux
added 2026/03/23 7:40 a.m., 3 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5 CVSS, 5.8 AI score, 0.01945 EPSS
Exploits: 0, References: 8
RedhatCVE
added 2026/03/23 6:52 a.m., 7 views

CVE-2026-33231

A flaw was found in NLTK (Natural Language Toolkit), specifically in the nltk.app.wordnet_app component. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted GET request to the local WordNet Browser HTTP server when it is running in its default...

7.5 CVSS, 5.8 AI score, 0.00855 EPSS
Exploits: 1, References: 5