
103220 matches found

Redos
added 2026/03/19 12:0 a.m., 4 views

ROS-20260319-73-0002

A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already established network connection, without opening new network connections and without acknowledging the receipt of packets. Exploitation of the vulnerability could allo...

CVSS 7.5, AI score 7.3, EPSS 0.99999
Exploits: 19

NVD
added 2026/03/18 9:16 p.m., 8 views

CVE-2026-25873

OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests. Attackers can exploit insecure pickle deserialization of request bodies to achieve code...

CVSS 9.8, EPSS 0.01077
Exploits: 0, References: 7

OSV
added 2026/03/18 8:11 p.m., 6 views

GHSA-5RVC-5CWX-G5X8 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques

Impact This is an Improper Error Handling vulnerability with Information Exposure implications, combined with an HTTP Method Translation issue. - Security Impact: The UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with ...

CVSS 8.7, AI score 5.7, EPSS 0.00321
Exploits: 1, References: 5

Github Security Blog
added 2026/03/18 8:11 p.m., 14 views

free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques

Impact This is an Improper Error Handling vulnerability with Information Exposure implications, combined with an HTTP Method Translation issue. - Security Impact: The UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with ...

CVSS 8.7, AI score 5.7, EPSS 0.00321
Exploits: 1, References: 5, Affected Software: 1

Snyk
added 2026/03/18 8:10 p.m., 3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the processing of HTTP/2 :path pseudo-headers in handleStream. An attacker can gain unauthorized access to restricted resources by sending requests with malformed :path headers that omit the leading slash. Thi...

CVSS 9.3, AI score 5.8, EPSS 0.01557
Exploits: 1, References: 2

Snyk
added 2026/03/18 8:7 p.m., 4 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in HTTPResult in SimpleHTTPClient.java, when following redirects. An attacker can obtain the contents of "Location: response" headers included in client redirects...

CVSS 7.8, AI score 5.8, EPSS 0.00264
Exploits: 0, References: 2

OSV
added 2026/03/18 8:7 p.m., 6 views

GHSA-P7M9-V2CM-2H7M HAPI FHIR HTTP authentication leak in redirects

Impact When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of...

CVSS 9.8, AI score 5.8, EPSS 0.00264
Exploits: 0, References: 3

OSV
added 2026/03/18 8:6 p.m., 5 views

GHSA-7G27-V5WJ-JR75 free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference

Impact This is a NULL Pointer Dereference vulnerability leading to Denial of Service. - Security Impact: A remote attacker can cause the UDM service to panic and crash by sending a crafted POST request to the /sdm-subscriptions endpoint with a malformed URL path containing path traversal sequence...

CVSS 8.7, AI score 5.8, EPSS 0.00486
Exploits: 1, References: 6

AlpineLinux
added 2026/03/18 5:53 p.m., 2 views

CVE-2026-32633

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.getserverslist. Those objects are mutated in-place during background polling and can contain a uri...

CVSS 9.1, AI score 5.8, EPSS 0.00472
Exploits: 1, References: 3

GithubExploit
added 2026/03/18 5:51 p.m., 337 views

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 — Apache HTTP Server 2.4.49 Path Traversal / RC...

CVSS 9.8, AI score 7.7, EPSS 0.99992
Exploits: 148

IBM Security Bulletins
added 2026/03/18 4:8 p.m., 4 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in urllib3 (CVE-2026-21441, CVE-2025-66471)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-21441, CVE-2025-66471 reported for urllib3. Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTT...

CVSS 8.9, AI score 6.8, EPSS 0.02667
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/03/18 2:42 p.m., 11 views

Security Bulletin: IBM HTTP Server shipped with IBM OpenPages is vulnerable to multiple vulnerabilities

Summary IBM HTTP Server used by IBM WebSphere Application Server, that is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. These products have addressed the applicable CVEs. For a...

CVSS 8.3, AI score 6.2, EPSS 0.015
Exploits: 1, Affected Software: 1

RedHat Linux
added 2026/03/18 1:17 p.m., 4 views

netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability

A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

CVSS 8.2, AI score 6.8, EPSS 0.00979
Exploits: 1, References: 6

RedHat Linux
added 2026/03/18 1:17 p.m., 6 views

netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability

A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

CVSS 8.2, AI score 6.8, EPSS 0.00979
Exploits: 1, References: 6

GithubExploit
added 2026/03/18 1:2 p.m., 121 views

SQLInject

Sqlinject 💉 Advanced SQL Injection Scanner with WAF Bypass...

AI score 6
Exploits: 0

GithubExploit
added 2026/03/18 12:54 p.m., 132 views

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 — Apache Path Traversal & RCE Internship Tas...

CVSS 9.8, AI score 7.6, EPSS 0.99992
Exploits: 148

OSSF Malicious Packages
added 2026/03/18 12:50 p.m., 5 views

Malicious code in express-http-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2471851d15cff5d3bc09d823660e1bebf3aee789535bf81e4f71c1ed6fa1fd86 The package express-http-validator was found to contain malicious code...

AI score 5.8
Exploits: 0

OSV
added 2026/03/18 12:50 p.m., 2 views

MAL-2026-1731 Malicious code in express-http-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2471851d15cff5d3bc09d823660e1bebf3aee789535bf81e4f71c1ed6fa1fd86 The package express-http-validator was found to contain malicious code...

AI score 5.8
Exploits: 0

OSSF Malicious Packages
added 2026/03/18 12:37 p.m., 7 views

Malicious code in abstract-http-request (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84130e04f5582700fd6841f67e465fb571518a710f3257fae0990653bf08aa92 The package abstract-http-request was found to contain malicious code...

AI score 5.8
Exploits: 0

OSV
added 2026/03/18 12:37 p.m., 10 views

MAL-2026-1646 Malicious code in abstract-http-request (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84130e04f5582700fd6841f67e465fb571518a710f3257fae0990653bf08aa92 The package abstract-http-request was found to contain malicious code...

AI score 5.8
Exploits: 0