Lucene search
K

103221 matches found

OSV
OSV
added 2026/03/13 7:54 p.m.3 views

CVE-2026-22209

thingino-firmware up to commit e3f6a41 published on 2026-03-15 contains an unauthenticated os command injection vulnerability in the WiFi captive portal CGI script that allows remote attackers to execute arbitrary commands as root by injecting malicious code through unsanitized HTTP parameter...

8.8CVSS6.7AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/13 7:54 p.m.3 views

CVE-2026-23941

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

9.4CVSS5.9AI score0.00528EPSS
Exploits0References6
OSV
OSV
added 2026/03/13 7:54 p.m.4 views

UBUNTU-CVE-2026-23941

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

9.4CVSS5.8AI score0.00528EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/03/13 6:22 p.m.28 views

CVE-2025-14811 IBM Sterling Partner Engagement Manager Information Disclosure

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...

3.1CVSS0.00205EPSS
Exploits0References1
CVE
CVE
added 2026/03/13 6:22 p.m.12 views

CVE-2025-14811

IBM Sterling Partner Engagement Manager (Essentials: 6.2.3.0–6.2.3.5; 6.2.4.0–6.2.4.2; Standard: 6.2.3.0–6.2.3.5; 6.2.4.0–6.2.4.2) contains an information disclosure vulnerability. An attacker could obtain sensitive information from the query string of HTTP GET requests, potentially leveraging ma...

5.9CVSS7.1AI score0.00205EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/13 3:18 p.m.2 views

SUSE CVE-2019-25355

gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal...

8.7CVSS5.8AI score0.01206EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/13 3:5 p.m.7 views

Dagu: SSE Authentication Bypass in Basic Auth Mode

SSE Authentication Bypass in Basic Auth Mode Summary When Dagu is configured with HTTP Basic authentication DAGUAUTHMODE=basic, all Server-Sent Events SSE endpoints are accessible without any credentials. This allows unauthenticated attackers to access real-time DAG execution data, workflow...

7.5CVSS6AI score0.00778EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/13 11:50 a.m.7 views

CVE-2026-32239

A flaw was found in the KJ-HTTP component of Cap’n Proto. When processing HTTP messages, a negative Content-Length value could be implicitly converted to an unsigned integer, resulting in an extremely large length value. An attacker could exploit this behavior by sending specially crafted HTTP...

6.5CVSS5.7AI score0.00207EPSS
Exploits0References8
EUVD
EUVD
added 2026/03/13 9:11 a.m.8 views

EUVD-2026-11776

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

7CVSS5.8AI score0.00528EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/13 9:11 a.m.4 views

CVE-2026-23941

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

7CVSS5.8AI score0.00528EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2026/03/13 9:11 a.m.5 views

CVE-2026-23941

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

9.4CVSS7.3AI score0.00528EPSS
Exploits0
CVE
CVE
added 2026/03/13 9:11 a.m.87 views

CVE-2026-23941

CVE-2026-23941 - Erlang OTP inets httpd HTTP Request Smuggling Technical details in connected documents describe a vulnerability in Erlang OTP’s inets httpd module (httpd_request.erl, httpd_request:parse_headers/7) where the server does not reject or normalize duplicate Content-Length headers. Th...

9.4CVSS5.8AI score0.00528EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2026/03/13 8:57 a.m.4 views

SUSE-SU-2026:0890-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.52: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation...

9.1CVSS5.6AI score0.00498EPSS
Exploits0References7
OSV
OSV
added 2026/03/13 8:41 a.m.3 views

OPENSUSE-SU-2026:20354-1 Security update for libsoup2

This update for libsoup2 fixes the following issues: - CVE-2025-4476: null pointer dereference may lead to denial of service bsc1243422. - CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy bsc1254876. - CVE-2025-32049: Denial of Service attack to websocket server...

9.1CVSS8.1AI score0.00728EPSS
Exploits3References22
OSV
OSV
added 2026/03/13 7:8 a.m.5 views

SUSE-SU-2026:0888-1 Security update for dnsdist

This update for dnsdist fixes the following issues: Update to dnsdist 1.9.11: - CVE-2025-8671: Add mitigations for the HTTP/2 MadeYouReset attack bsc1253852. - CVE-2025-30187: denial of service via crafted DoH exchange bsc1250054...

7.5CVSS5.8AI score0.04604EPSS
Exploits3References6
OSV
OSV
added 2026/03/13 12:0 a.m.3 views

OPENSUSE-SU-2026:10349-1 ruby4.0-rubygem-http-cookie-1.0.8-1.3 on GA media

These are all security issues fixed in the ruby4.0-rubygem-http-cookie-1.0.8-1.3 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.0613EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.8 views

PT-2026-25340

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...

3.1CVSS5.8AI score0.00205EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.13 views

PT-2026-25163

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.4.1 Erlang OTP versions 26.2.5.18 and 27.3.4.9 inets versions 5.10 through 9.6.1 inets versions 9.1.0.5 and 9.3.2.3 Description An inconsistent interpretation of HTTP requests, specifically 'HTTP Request...

9.7CVSS7.2AI score0.00528EPSS
Exploits0References56
Tenable Nessus
Tenable Nessus
added 2026/03/13 12:0 a.m.7 views

SAP NetWeaver AS Java Multiple Vulnerabilities (3700960)

The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a affected by a multiple vulnerabilities as disclosed in the SAP Security Patch Day March 2026: - An application trying to decrypt CMS messages encrypted using password based encryption can trigger an...

7.5CVSS6.9AI score0.02016EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/13 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-32239

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References4
Rows per page
Query Builder