Lucene search
K

103221 matches found

OSV
OSV
added 2026/03/18 10:1 a.m.4 views

OPENSUSE-SU-2026:20384-1 Security update for libsoup

This update for libsoup fixes the following issues: Update to libsoup 3.6.6: - CVE-2025-12105: heap use-after-free in message queue handling during HTTP/2 read completion bsc1252555. - CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy bsc1254876. - CVE-2025-32049:...

9.1CVSS7AI score0.00728EPSS
Exploits2References18
SUSE Linux
SUSE Linux
added 2026/03/18 9:15 a.m.11 views

Security update for tomcat

This update for tomcat fixes the following issues: CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comman...

6.5CVSS7.5AI score0.00494EPSS
Exploits0References4
OSV
OSV
added 2026/03/18 9:15 a.m.4 views

SUSE-SU-2026:0922-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385...

6.5CVSS5.8AI score0.00494EPSS
Exploits0References3
OSV
OSV
added 2026/03/18 8:54 a.m.8 views

BIT-PYTHON-2026-3644 Incomplete control character validation in http.cookies

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

7.5CVSS5.8AI score0.00419EPSS
Exploits0References7
SUSE Linux
SUSE Linux
added 2026/03/18 8:52 a.m.7 views

Security update for curl

This update for curl fixes the following issues: CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. CVE-2026-3783: token leak with redirect and netrc bsc1259363. CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. Patch Instructions: To install this SUSE update...

7.5CVSS5.7AI score0.00333EPSS
Exploits2References12
OSV
OSV
added 2026/03/18 8:45 a.m.1 views

BIT-LIBPYTHON-2026-3644 Incomplete control character validation in http.cookies

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

7.5CVSS5.8AI score0.00419EPSS
Exploits0References7
NVD
NVD
added 2026/03/18 8:16 a.m.10 views

CVE-2026-22322

A stored cross‑site scripting XSS vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’...

7.1CVSS0.00253EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/18 7:33 a.m.4 views

CVE-2026-22317

A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges...

7.2CVSS6.1AI score0.00999EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/18 7:33 a.m.36 views

CVE-2026-22317 Command Injection Vulnerability in Root CA Certificate Transfer Workflow

A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges...

7.2CVSS0.00999EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/18 3:23 a.m.4 views

CVE-2026-4359

A flaw was found in mongo-c-driver. A compromised third-party cloud server or a man-in-the-middle MITM attacker could send a malformed HTTP response. This could cause applications using the MongoDB C driver to crash, leading to a Denial of Service...

5.9CVSS5.7AI score0.00187EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/18 12:30 a.m.5 views

CVE-2026-29057 Next.js: HTTP request smuggling in rewrites

Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites proxy traffic to an external backend, a crafted DELETE/OPTIONS request using Transfer-Encoding: chunked could trigger request boundary...

6.3CVSS5.9AI score0.00427EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.3 views

PT-2026-26206

Name of the Vulnerable Software and Affected Versions HAPI FHIR versions prior to 6.9.0 Description HAPI FHIR, a Java implementation of the HL7 FHIR standard, is affected by an issue where HTTP headers, potentially containing privacy-sensitive information, are sent to both the initial host and an...

7.5CVSS5.5AI score0.00264EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.5 views

PT-2026-26187

Impact This is an Improper Error Handling vulnerability with Information Exposure implications. - Security Impact: The UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leaks intern...

6.9CVSS5.8AI score0.00282EPSS
Exploits1References10
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/18 12:0 a.m.7 views

HAPI FHIR HTTP authentication leak in redirects

When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...

8.2CVSS5.9AI score0.00264EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/18 12:0 a.m.6 views

HAPI FHIR HTTP authentication leak in redirects

When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...

8.2CVSS5.9AI score0.00264EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/18 12:0 a.m.6 views

HAPI FHIR HTTP authentication leak in redirects

When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...

8.2CVSS5.9AI score0.00264EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/18 12:0 a.m.9 views

HAPI FHIR HTTP authentication leak in redirects

When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...

8.2CVSS5.9AI score0.00264EPSS
Exploits0References4
NVD
NVD
added 2026/03/17 11:16 p.m.4 views

CVE-2026-21994

Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects component: Desktop. The supported version that is affected is 0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

9.8CVSS0.00448EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/17 9:42 p.m.16 views

CVE-2026-32838 Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Cleartext HTTP

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data...

8.7CVSS0.00142EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/17 9:42 p.m.4 views

CVE-2026-32838 Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Cleartext HTTP

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data...

8.7CVSS5.8AI score0.00142EPSS
Exploits0References3
Rows per page
Query Builder