
103220 matches found

Vulnrichment
added 2026/03/17 9:42 p.m. | 4 views

CVE-2026-32838 Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Cleartext HTTP

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data...

8.7 CVSS | 5.8 AI score | 0.00142 EPSS
Exploits 0 | References 3

Github Security Blog
added 2026/03/17 8:33 p.m. | 9 views

AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy

Summary: The plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL, but only checks the initial URL. When the initial URL responds with an HTTP redirect Location header, the redirect target is fetched via fakeBrowser without...

8.6 CVSS | 5.9 AI score | 0.00453 EPSS
Exploits 1 | References 4 | Affected Software 1

OSV
added 2026/03/17 8:16 p.m. | 2 views

UBUNTU-CVE-2026-4359

A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver...

3.7 CVSS | 5.8 AI score | 0.00187 EPSS
Exploits 0 | References 3

SUSE Linux
added 2026/03/17 7:57 p.m. | 7 views

Security update for curl

This update for curl fixes the following issues: CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. CVE-2026-3783: token leak with redirect and netrc bsc1259363. CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. CVE-2026-3805: use after free in SMB connection...

7.5 CVSS | 5.8 AI score | 0.00715 EPSS
Exploits 4 | References 16

CVE
added 2026/03/17 7:42 p.m. | 22 views

CVE-2026-4359

MongoDB C driver is affected by CVE-2026-4359: a compromised cloud server or MITM can send a malformed HTTP response that causes a crash in applications using the driver. Affected component: the MongoDB C driver’s HTTP response handling. Root cause: malformed HTTP response handling leading to a c...

3.7 CVSS | 5.8 AI score | 0.00187 EPSS
Exploits 0 | References 1 | Affected Software 1

ATTACKERKB
added 2026/03/17 7:42 p.m. | 1 view

CVE-2026-4359

A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver...

2 CVSS | 5.8 AI score | 0.00187 EPSS
Exploits 0 | References 2

Snyk
added 2026/03/17 7:42 p.m. | 3 views

Improper Null Termination

Overview: Affected versions of this package are vulnerable to Improper Null Termination due to insufficient check of HTTP response parsing. An attacker can cause application crashes by sending specially crafted malformed HTTP responses. Note: This is only exploitable if the application connects to...

3.7 CVSS | 5.9 AI score | 0.00187 EPSS
Exploits 0 | References 2

MongoDB
added 2026/03/17 7:42 p.m. | 9 views

Heap-buffer-over-read in _mongoc_http_send via strstr on non-null-terminated buffer

A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver...

3.7 CVSS | 5.1 AI score | 0.00187 EPSS
Exploits 0 | References 1 | Affected Software 1

Snyk
added 2026/03/17 6:39 p.m. | 4 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the DefaultHtmlErrorResponseBodyProvider class. An attacker can exhaust heap memory and cause a crash by sending requests that trigger exceptions with attacker-controlled messages...

8.7 CVSS | 5.8 AI score | 0.00561 EPSS
Exploits 0 | References 2

vulnersOsv
added 2026/03/17 6:39 p.m. | 7 views

io.micronaut.aws:micronaut-aws-alexa-httpserver (=5.0.0-M1), io.micronaut.aws:micronaut-function-aws-api-proxy (=5.0.0-M1) +38 more potentially affected by CVE-2026-33012 via io.micronaut:micronaut-http-server (>=5.0.0-M1 <=5.0.0-M15)

io.micronaut:micronaut-http-server MAVEN version =5.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M2 and more Source cves: CVE-2026-33012 Source advisory: SNYK:JAVA-IOMICRONAUT-15678683...

7.5 CVSS | 5.8 AI score | 0.00561 EPSS
Exploits 0

EUVD
added 2026/03/17 4:17 p.m. | 6 views

EUVD-2026-12704

Next.js: HTTP request smuggling in rewrites...

6.3 CVSS | 5.8 AI score | 0.00427 EPSS
Exploits 0 | References 4

Snyk
added 2026/03/17 12:46 p.m. | 3 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free in the http/2 server implementation. An attacker can cause application instability or crashes by sending specially crafted HTTP/2 requests that trigger authentication failures, leading to access of freed memory. Note: Thi...

8.6 CVSS | 5.8 AI score | 0.00829 EPSS
Exploits 1 | References 2

NVD
added 2026/03/17 12:16 p.m. | 8 views

CVE-2026-4271

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

7.5 CVSS | 0.00829 EPSS
Exploits 1 | References 6

UbuntuCve
added 2026/03/17 12:16 p.m. | 2 views

CVE-2026-4271

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

7.5 CVSS | 5.9 AI score | 0.00829 EPSS
Exploits 1 | References 2

OSV
added 2026/03/17 12:16 p.m. | 4 views

UBUNTU-CVE-2026-4271

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

7.5 CVSS | 5.8 AI score | 0.00829 EPSS
Exploits 1 | References 3

Vulnrichment
added 2026/03/17 11:14 a.m. | 2 views

CVE-2026-4271 Libsoup: libsoup: denial of service via use-after-free in http/2 server

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

5.3 CVSS | 5.8 AI score | 0.00829 EPSS
Exploits 1 | References 6

RedhatCVE
added 2026/03/17 11:14 a.m. | 4 views

CVE-2026-4271

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

7.5 CVSS | 5.7 AI score | 0.00829 EPSS
Exploits 1 | References 4

ATTACKERKB
added 2026/03/17 11:14 a.m. | 4 views

CVE-2026-4271

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

7.5 CVSS | 5.8 AI score | 0.00829 EPSS
Exploits 1 | References 6

Debian CVE
added 2026/03/17 11:14 a.m. | 3 views

CVE-2026-4271

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

7.5 CVSS | 5.5 AI score | 0.00829 EPSS
Exploits 1

RedHat Linux
added 2026/03/17 10:46 a.m. | 4 views

cpython: wsgiref.headers.Headers allows header newline injection in Python

Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9 CVSS | 5.7 AI score | 0.00463 EPSS
Exploits 0 | References 7