103222 matches found

Debian
added 2026/03/11 10:20 p.m. | 14 views

[SECURITY] [DSA 6160-1] netty security update

Debian Security Advisory DSA-6160-1 [email protected] https://www.debian.org/security/ Markus Koschany March 11, 2026 https://www.debian.org/security/faq ...

8.2 CVSS | 5.8 AI score | 0.01617 EPSS
Exploits 5
ATTACKERKB
added 2026/03/11 9:42 p.m. | 3 views

CVE-2026-32136

AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext (h2c). Once the upgrade is accepted, the resulting...

9.8 CVSS | 5.8 AI score | 0.00735 EPSS
Exploits 2 | References 2 | Affected Software 1
CVE
added 2026/03/11 9:42 p.m. | 18 views

CVE-2026-32136

AdGuard Home (network-wide ad-blocking software) contains an authentication bypass vulnerability, CVE-2026-32136. Before 0.107.73, an unauthenticated remote attacker can trigger an HTTP/1.1 upgrade to h2c; after the upgrade is accepted, the inner mux handles subsequent HTTP/2 requests without authe...

9.8 CVSS | 5.8 AI score | 0.00735 EPSS
Exploits 2 | References 1 | Affected Software 1
EUVD
added 2026/03/11 8:46 p.m. | 4 views

EUVD-2026-11387

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, stored cross-site scripting (XSS) in the Graphical Pain Map "clickmap" form allows any authenticated clinician to inject arbitrary JavaScript that executes in the browser of...

5.4 CVSS | 5.8 AI score | 0.00282 EPSS
Exploits 1 | References 1
Snyk
added 2026/03/11 6:44 p.m. | 3 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via unsanitized header or query parameter match values in the HTTPRoute resource. An attacker can bypass listener hostname constraints and...

7.6 CVSS | 5.8 AI score | 0.00277 EPSS
Exploits 0 | References 2
Snyk
added 2026/03/11 6:44 p.m. | 6 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via unsanitized header or query parameter match values in the HTTPRoute resource. An attacker can bypass listener hostname constraints and...

7.6 CVSS | 7.2 AI score | 0.00277 EPSS
Exploits 0 | References 2
OSV
added 2026/03/11 6:32 p.m. | 5 views

CVE-2026-31878 Frappe: Possible SSRF by any authenticated user

Frappe is a full-stack web application framework. Prior to 14.100.1, 15.100.0, and 16.6.0, a malicious user could send a crafted request to an endpoint which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 14.100.1, 15.100.0, and 16.6...

5 CVSS | 5.8 AI score | 0.00184 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2026/03/11 6:23 p.m. | 2 views

CVE-2019-25478

GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make i...

8.7 CVSS | 6.1 AI score | 0.00492 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2026/03/11 6:0 p.m. | 4 views

UBUNTU-CVE-2026-3783

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...

5.3 CVSS | 7.3 AI score | 0.00333 EPSS
Exploits 1 | References 5
SUSE CVE
added 2026/03/11 5:28 p.m. | 4 views

SUSE CVE-2025-14822

Mattermost versions 10.11.x <= 10.11.8 fail to validate input size before processing hashtags, which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands of space-separated tokens...

6.5 CVSS | 5.8 AI score | 0.00318 EPSS
Exploits 0 | References 3
Cvelist
added 2026/03/11 3:54 p.m. | 28 views

CVE-2026-29777 Traefik has a kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, a tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can...

6.1 CVSS | 0.00277 EPSS
Exploits 0 | References 2
EUVD
added 2026/03/11 2:49 p.m. | 3 views

EUVD-2026-11201

Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values...

6.1 CVSS | 5.8 AI score | 0.00277 EPSS
Exploits 0 | References 2
OSV
added 2026/03/11 2:49 p.m. | 5 views

GHSA-8Q2W-WR49-WHQJ Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values

Summary There is a potential vulnerability in Traefik's Kubernetes Gateway provider related to rule injection. A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. ...

6.1 CVSS | 5.8 AI score | 0.00277 EPSS
Exploits 0 | References 4
Snyk
added 2026/03/11 12:43 p.m. | 1 views

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in the urlmatchproxyuse function used by the CONNECT operation for an HTTP proxy connection. An attacker in control of an already-authenticated connection can authenticate using its credentials ...

6.5 CVSS | 5.8 AI score | 0.00302 EPSS
Exploits 1 | References 2
vulnersOsv
added 2026/03/11 12:0 p.m. | 4 views

acril (=0.1.0), acril-http (=0.1.0) +883 more potentially affected by unknown CVE via http-types (>=1.3.1 <=2.12.0)

http-types CARGO version =1.3.1, =4.0.0, =0.1.0, =0.1.0, =0.3.0, =0.10.0, =0.3.0, =0.1.0, =0.1.0, =0.6.0, =0.0.1, =0.0.6 - aquadoggo =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0174...

5.7 AI score
Exploits 0
OSV
added 2026/03/11 11:16 a.m. | 6 views

DEBIAN-CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

6.5 CVSS | 7.2 AI score | 0.00302 EPSS
Exploits 1 | References 1
Vulnrichment
added 2026/03/11 10:8 a.m. | 4 views

CVE-2026-1965 bad reuse of HTTP Negotiate connection

libcurl can in some circumstances reuse the wrong connection when asked to do a Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

5.8 AI score | 0.00259 EPSS
Exploits 0 | References 2
AlpineLinux
added 2026/03/11 10:8 a.m. | 6 views

CVE-2026-1965

libcurl can in some circumstances reuse the wrong connection when asked to do a Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

6.5 CVSS | 5.8 AI score | 0.00259 EPSS
Exploits 0 | References 2
Cvelist
added 2026/03/11 10:8 a.m. | 27 views

CVE-2026-1965 bad reuse of HTTP Negotiate connection

libcurl can in some circumstances reuse the wrong connection when asked to do a Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

0.00259 EPSS
Exploits 0 | References 2
Veracode
added 2026/03/11 7:39 a.m. | 6 views

Denial Of Service (DoS)

Node.js is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of malformed HTTP/2 HEADERS frames containing invalid HPACK data, which can trigger an unhandled TLSSocket ECONNRESET error and cause the Node.js process to crash, enabling remote denial of service...

7.5 CVSS | 5.8 AI score | 0.03782 EPSS
Exploits 0 | References 21 | Affected Software 1