Lucene search
K

103219 matches found

OSV
OSV
added 2026/03/20 2:24 p.m.6 views

OESA-2026-1651 tomcat security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Improper Input Validation...

9.1CVSS5.7AI score0.00498EPSS
Exploits0References4
OSV
OSV
added 2026/03/20 2:23 p.m.6 views

OESA-2026-1637 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.1, when a cpp-httplib client uses the...

8.7CVSS5.6AI score0.00453EPSS
Exploits2References3
vulnersOsv
vulnersOsv
added 2026/03/20 12:0 p.m.5 views

NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +487 more potentially affected by unknown CVE via tokio-signal (>=0.1.5 <=0.3.0-alpha.1)

tokio-signal CARGO version =0.1.5, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.2.5 - actix-identity =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0065...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/20 11:48 a.m.2 views

SUSE-SU-2026:20768-1 Security update for python311

This update for python311 fixes the following issues: Updated to Python 3.11.15: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...

7.5CVSS7.1AI score0.01525EPSS
Exploits0References17
OSV
OSV
added 2026/03/20 9:37 a.m.2 views

SUSE-SU-2026:20760-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...

7.5CVSS5.9AI score0.00715EPSS
Exploits4References9
ATTACKERKB
ATTACKERKB
added 2026/03/20 5:38 a.m.7 views

CVE-2026-33039

WWBN AVideo is an open source video platform. In versions 25.0 and below, the plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL, but only checks the initial URL. When the initial URL responds with an HTTP redirect Location heade...

8.6CVSS5.8AI score0.00453EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/03/20 3:15 a.m.5 views

CVE-2026-21992

Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware component: REST WebServices and Oracle Web Services Manager product of Oracle Fusion Middleware component: Web Services Security. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable...

9.8CVSS0.01008EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/20 12:40 a.m.7 views

Use of Cache Containing Sensitive Information

Overview org.springframework.security:spring-security-web is a package within Spring Security that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the process of writing HTTP response heade...

9.3CVSS5.9AI score0.0048EPSS
Exploits2References2
Github Security Blog
Github Security Blog
added 2026/03/20 12:31 a.m.10 views

Spring Security HTTP Headers Are not Written Under Some Conditions

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security: from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0...

9.1CVSS5.8AI score0.0048EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2026/03/20 12:31 a.m.4 views

GHSA-MF92-479X-3373 Spring Security HTTP Headers Are not Written Under Some Conditions

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security: from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0...

9.1CVSS5.8AI score0.0048EPSS
Exploits2References3
Fedora
Fedora
added 2026/03/20 12:18 a.m.7 views

[SECURITY] Fedora 44 Update: cpp-httplib-0.37.1-2.fc44

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include the httplib.h file in your code!...

7.5CVSS5.7AI score0.00602EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2026/03/20 12:0 a.m.2 views

SUSE SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2026:0932-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0932-1 advisory. Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping...

9.1CVSS7AI score0.00498EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.6 views

gRPC-Go 授权问题漏洞

gRPC-Go is a high-performance, general-purpose RPC framework developed from the grpc project. Prior to version 1.79.3, there was an authorization vulnerability in gRPC-Go. This vulnerability stemmed from improper input validation of the :path pseudoheader in HTTP/2, which could lead to...

9.1CVSS6.8AI score0.01557EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:47 p.m.5 views

CVE-2026-22732

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy default writing of HTTP Headers: : from 5.7.0 through 5.7.21, from...

9.1CVSS5.8AI score0.0048EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2026/03/19 10:47 p.m.26 views

CVE-2026-22732 Under Some Conditions Spring Security HTTP Headers Are not Written

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy default writing of HTTP Headers: : from 5.7.0 through 5.7.21, from...

9.1CVSS0.0048EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/03/19 10:7 p.m.20 views

CVE-2026-32034 OpenClaw < 2026.2.21 - Insecure Control UI Authentication over Plaintext HTTP

OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allowing attackers to bypass device identity and pairing verification. An attacker with leaked or...

8.1CVSS0.00381EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:7 p.m.2 views

CVE-2026-32034

OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allowing attackers to bypass device identity and pairing verification. An attacker with leaked or...

6.8CVSS5.8AI score0.00381EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/19 9:30 p.m.7 views

EUVD-2026-13148

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...

5.8AI score0.03002EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/19 8:46 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.Server.Kestrel.Core is a core components of ASP.NET Core Kestrel cross-platform web server. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to an incorrect exit condition in the HTTP/3 Encoder/Decoder strea...

8.7CVSS5.8AI score0.03002EPSS
Exploits1References2
NVD
NVD
added 2026/03/19 7:16 p.m.6 views

CVE-2026-25667

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...

7.5CVSS0.03002EPSS
Exploits1References3
Rows per page
Query Builder