Lucene search
K

103222 matches found

OSV
OSV
added 2026/03/15 5:52 a.m.5 views

OESA-2026-1545 wireshark security update

Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless WiFi or Bluetooth networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. Security Fixes: Wireshark ...

7.5CVSS5.8AI score0.00206EPSS
Exploits6References7
Positive Technologies
Positive Technologies
added 2026/03/15 12:0 a.m.6 views

PT-2026-25545

A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /ping response.cgi of the component HTTP POST Request Handler. The manipulation of the argument ping ipaddr results in stack-based buffer overflow. The attack may be performed from remote. The...

8.6CVSS6.5AI score0.00612EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/03/15 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-23941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This...

9.4CVSS7.1AI score0.00528EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/15 12:0 a.m.8 views

openSUSE 16 Security Update : libsoup2 (openSUSE-SU-2026:20354-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20354-1 advisory. - CVE-2025-4476: null pointer dereference may lead to denial of service bsc1243422. - CVE-2025-14523: Duplicate Host Header Handling Causes...

9.1CVSS7.4AI score0.00728EPSS
Exploits3References33
Tenable Nessus
Tenable Nessus
added 2026/03/15 12:0 a.m.3 views

openSUSE 16 Security Update : tomcat (openSUSE-SU-2026:20350-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20350-1 advisory. Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733:...

9.1CVSS7.1AI score0.00498EPSS
Exploits0References10
OSV
OSV
added 2026/03/14 4:49 p.m.13 views

CLSA-2026-1773506968 java-1.8.0-openjdk: Fix of 5 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u482-b08. That fixes following CVEs: - CVE-2025-53057: Security: enforce proper access control in certificate handling to prevent data tampering - CVE-2025-53066: JAXP: restrict data access in Path Factory processing to prevent information...

7.5CVSS5.8AI score0.00864EPSS
Exploits1References1
CloudLinux
CloudLinux
added 2026/03/14 4:49 p.m.10 views

java-1.8.0-openjdk: Fix of 5 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u482-b08. That fixes following CVEs: - CVE-2025-53057: Security: enforce proper access control in certificate handling to prevent data tampering - CVE-2025-53066: JAXP: restrict data access in Path Factory processing to prevent information...

7.5CVSS6.7AI score0.00864EPSS
Exploits1
OSV
OSV
added 2026/03/14 4:40 p.m.11 views

CLSA-2026-1773506438 java-1.8.0-openjdk: Fix of 5 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u482-b08. That fixes following CVEs: - CVE-2025-53057: Security: enforce proper access control in certificate handling to prevent data tampering - CVE-2025-53066: JAXP: restrict data access in Path Factory processing to prevent information...

7.5CVSS5.8AI score0.00864EPSS
Exploits1References1
OSV
OSV
added 2026/03/14 12:33 a.m.5 views

MGASA-2026-0056 Updated tomcat packages fix security vulnerabilities

Client certificate verification bypass due to virtual host mapping. CVE-2025-66614 Security constraint bypass with HTTP/0.9. CVE-2026-24733 OCSP revocation bypass. CVE-2026-24734...

9.1CVSS5.8AI score0.00498EPSS
Exploits0References3
Mageia
Mageia
added 2026/03/14 12:33 a.m.7 views

Updated tomcat packages fix security vulnerabilities

Client certificate verification bypass due to virtual host mapping. CVE-2025-66614 Security constraint bypass with HTTP/0.9. CVE-2026-24733 OCSP revocation bypass. CVE-2026-24734...

9.1CVSS7.6AI score0.00498EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/03/14 12:24 a.m.5 views

SUSE CVE-2026-32240

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/14 12:0 a.m.3 views

SUSE SLED15 / SLES15 Security Update : dnsdist (SUSE-SU-2026:0888-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0888-1 advisory. Update to dnsdist 1.9.11: - CVE-2025-8671: Add mitigations for the HTTP/2 MadeYouReset attack bsc1253852. -...

7.5CVSS5.9AI score0.04604EPSS
Exploits3References8
EUVD
EUVD
added 2026/03/13 9:31 p.m.4 views

EUVD-2026-11713

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP request that leads to a reboot of the device, provided they hav...

7.5CVSS5.8AI score0.00483EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/13 9:31 p.m.6 views

EUVD-2025-208653

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...

3.1CVSS5.8AI score0.00205EPSS
Exploits0References2
CVE
CVE
added 2026/03/13 8:43 p.m.9 views

CVE-2026-2491

CVE-2026-2491 : Socomec DIRIS A-40 HTTP API Authentication Bypass. The web API (default port 80) lacks authentication, enabling network-adjacent attackers to bypass auth and access functionality on affected DIRIS A-40 power monitoring devices. Root cause is missing authentication prior to exposin...

6.3CVSS6.7AI score0.00388EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/13 8:43 p.m.5 views

CVE-2026-2491 Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability

Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability. The specific flaw...

6.3CVSS5.9AI score0.00388EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/13 8:41 p.m.2 views

EUVD-2026-11701

Undici has CRLF Injection in undici via upgrade option...

4.6CVSS5.8AI score0.00256EPSS
Exploits0References4
NVD
NVD
added 2026/03/13 7:54 p.m.7 views

CVE-2026-31882

Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, when Dagu is configured with HTTP Basic authentication DAGUAUTHMODE=basic, all Server-Sent Events SSE endpoints are accessible without any credentials. This allows unauthenticated attackers to access real-time DAG...

7.5CVSS0.00778EPSS
Exploits1References4
OSV
OSV
added 2026/03/13 7:54 p.m.6 views

DEBIAN-CVE-2026-23941

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

9.4CVSS7.3AI score0.00528EPSS
Exploits0References1
OSV
OSV
added 2026/03/13 7:54 p.m.3 views

CVE-2026-22209

thingino-firmware up to commit e3f6a41 published on 2026-03-15 contains an unauthenticated os command injection vulnerability in the WiFi captive portal CGI script that allows remote attackers to execute arbitrary commands as root by injecting malicious code through unsanitized HTTP parameter...

8.8CVSS6.7AI score
Exploits0References2
Rows per page
Query Builder