Lucene search
K

103206 matches found

NVD
NVD
added 2026/03/23 5:16 a.m.4 views

CVE-2026-4572

A weakness has been identified in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /viewproduct.php of the component HTTP POST Request Handler. Executing a manipulation of the argument searchtxt can lead to sql injection. The attack m...

6.5CVSS0.00245EPSS
Exploits1References5
CVE
CVE
added 2026/03/23 2:59 a.m.9 views

CVE-2026-4569

CVE-2026-4569 affects SourceCodester Sales and Inventory System 1.0. The vulnerability is a SQL injection in /view_category.php (HTTP POST Handler) via the searchtxt parameter. Exploitation is remote and publicly disclosed. Impact concerns data confidentiality and integrity; exploitation details ...

6.5CVSS6.5AI score0.0025EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.5 views

PT-2026-27147

A NULL pointer dereference in the safe atou64 function src/misc.c of owntone-server through commit c4d57aa allows attackers to cause a Denial of Service DoS via sending a series of crafted HTTP requests to the server...

7.5CVSS5.8AI score0.00882EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/23 12:0 a.m.4 views

CVE-2026-26829

A NULL pointer dereference in the safeatou64 function src/misc.c of owntone-server through commit c4d57aa allows attackers to cause a Denial of Service DoS via sending a series of crafted HTTP requests to the server...

7.5CVSS5.8AI score0.00882EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.5 views

PT-2026-31696

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.18, 10.1.0-M1 through 10.1.52, 9.0.0.M1 through 9.0.115, 8.5.0 through 8.5.100, and 7.0.0 through 7.0.109 Description An inconsistent interpretation of HTTP requests 'HTTP Request/Response Smugglin...

7.8CVSS5.8AI score0.00461EPSS
Exploits0References99
Packet Storm News
Packet Storm News
added 2026/03/23 12:0 a.m.3 views

DNS Monitoring System with HTTP Dashboard

This Python script implements a small Security Operations Center Mini SOC that focuses on DNS traffic monitoring...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.3 views

PT-2026-27212

Name of the Vulnerable Software and Affected Versions Census CSWeb versions prior to 8.1.0 alpha Description The software allows the app/config directory to be accessed via HTTP in certain setups. An unauthenticated remote attacker can request configuration files and potentially obtain sensitive...

9.3CVSS5.8AI score0.00405EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/03/23 12:0 a.m.3 views

Siemens SIMATIC S7-1500 Sensitive Cookie Without 'HttpOnly' Flag (CVE-2025-38477)

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix race condition on qfqaggregate A race condition can occur when 'agg' is modified in qfqchangeagg called during qfqenqueue while other threads access it concurrently. For example, qfqdumpclass may trigger a...

4.7CVSS6.1AI score0.00115EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/23 12:0 a.m.5 views

Siemens APE1808 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2025-68686)

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypas...

5.9CVSS5.8AI score0.00477EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.9 views

CSPro Users CSWeb 安全漏洞

CSPro Users CSWeb is a web application developed by CSPro Users Inc. It allows users to securely transfer cases or files between client devices and web servers. Version 8.0.1 of CSPro Users CSWeb contains a security vulnerability. This vulnerability stems from the ability to access app/config via...

9.3CVSS5.9AI score0.00405EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2026/03/23 12:0 a.m.158 views

📄 Cursor IDE MCP Deeplink Remote Code Execution

This Metasploit module exploits the MCP deeplink functionality in Cursor IDE through social engineering. The cursor:// protocol handler can be abused when a user accepts an installation prompt, leading to arbitrary command execution...

8.8CVSS6.2AI score0.07526EPSS
Exploits2
GithubExploit
GithubExploit
added 2026/03/22 12:32 p.m.122 views

Exploit for Path Traversal in Apache Http_Server

https://n...

9.8CVSS5.8AI score0.99992EPSS
Exploits148
Cvelist
Cvelist
added 2026/03/21 10:2 p.m.41 views

CVE-2026-4528 trueleaf ApiFlow URL Validation http_proxy.service.ts validateUrlSecurity server-side request forgery

A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/httpproxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. Remote exploitation ...

7.5CVSS0.003EPSS
Exploits0References4
OSV
OSV
added 2026/03/21 3:31 a.m.3 views

GHSA-QWMF-95R9-GX9X Duplicate Advisory: OpenClaw's gateway tokenless Tailscale auth applied to HTTP routes

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hff7-ccv5-52f8. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway...

8.2CVSS5.7AI score0.00401EPSS
Exploits0References4
Fedora
Fedora
added 2026/03/21 1:11 a.m.8 views

[SECURITY] Fedora 42 Update: cpp-httplib-0.37.1-2.fc42

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include the httplib.h file in your code!...

7.5CVSS5.7AI score0.00602EPSS
Exploits4
Fedora
Fedora
added 2026/03/21 12:55 a.m.6 views

[SECURITY] Fedora 43 Update: cpp-httplib-0.37.1-2.fc43

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include the httplib.h file in your code!...

7.5CVSS5.7AI score0.00602EPSS
Exploits4
NVD
NVD
added 2026/03/20 11:16 p.m.3 views

CVE-2026-33180

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.0, when setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP...

8.2CVSS0.00264EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/20 11:16 p.m.8 views

CVE-2026-33231

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp allows unauthenticated remote shutdown of the local WordNet Browser HTTP server whe...

7.5CVSS5.9AI score0.00855EPSS
Exploits1References4
CVE
CVE
added 2026/03/20 10:45 p.m.40 views

CVE-2026-33231

CVE-2026-33231 affects NLTK’s nltk.app.wordnet_app in versions 3.9.3 and earlier, where the WordNet Browser HTTP server started in default mode can be remotely shutdown by an unauthenticated GET request to /SHUTDOWN%20THE%20SERVER, causing a denial of service via os._exit(0). IBM’s bulletin/Secur...

7.5CVSS5.8AI score0.00855EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2026/03/20 10:45 p.m.22 views

CVE-2026-33231 NLTK has unauthenticated remote shutdown in nltk.app.wordnet_app

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp allows unauthenticated remote shutdown of the local WordNet Browser HTTP server whe...

7.5CVSS0.00855EPSS
Exploits1References2
Rows per page
Query Builder