Lucene search
+L

917 matches found

nessus
nessus
added 6 days ago7 views

FreeBSD : Apache HttpClient -- misinterpret malformed authority component (fa0c03dd-7c3a-11f1-8dc2-dca632daf43b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fa0c03dd-7c3a-11f1-8dc2-dca632daf43b advisory. Apache Software Foundation reports: Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can...

5.3CVSS6.7AI score0.08665EPSS
Exploits1References3
nessus
nessus
added 2026/06/18 12:0 a.m.10 views

Siemens RUGGEDCOM RST2428P Insertion of Sensitive Information Into Sent Data (CVE-2025-66035)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential...

7.7CVSS6.3AI score0.00584EPSS
Exploits0References4
github
github
added 2026/06/15 8:19 p.m.25 views

tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)

Tornado's gzip decompression routines work in limited-size chunks, but have no overall limit for the total size of decompressed chunks that they will accumulate There has always been a limit for the total compressed size. This allows a malicious server to consume effectively unlimited amounts of...

7.5CVSS5.4AI score0.00691EPSS
Exploits0References2Affected Software1
githubexploit
githubexploit
added 2026/05/28 8:38 a.m.347 views

osv-java-poc

OSV Scanner CVE Detection POC — Vulnerable Java App ⚠️ WA...

10CVSS7.2AI score0.99999EPSS
Exploits478
ptsecurity
ptsecurity
added 2026/05/15 12:0 a.m.9 views

PT-2026-41374

Name of the Vulnerable Software and Affected Versions @angular/platform-server versions prior to 22.0.0-next.12 @angular/platform-server versions prior to 21.2.13 @angular/platform-server versions prior to 20.3.21 @angular/platform-server versions prior to 19.2.22 Description A Server-Side Reques...

8.8CVSS5.8AI score0.00221EPSS
Exploits0References8
snyk
snyk
added 2026/05/08 11:47 p.m.6 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via the SignedPublicKeysTrustValidatorImpl.isTrusted function. An attacker can bypass signature verification and gain unauthorized access by providing any structurally valid ECDSA signature, as the boolea...

8.6CVSS5.5AI score0.00121EPSS
Exploits0References2
osv
osv
added 2026/05/08 1:6 p.m.4 views

CVE-2026-41423 Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper...

8.7CVSS5.9AI score0.00304EPSS
Exploits0References5
nessus
nessus
added 2026/04/29 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-40542

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper...

7.3CVSS5.9AI score0.00456EPSS
Exploits0References2
veracode
veracode
added 2026/04/28 5:26 p.m.16 views

Improper Authentication

Apache HttpClient is vulnerable to Improper Authentication. The vulnerability is due to a missing verification step in SCRAM-SHA-256 authentication, which allows an attacker to bypass proper mutual authentication checks and be accepted by the client...

7.3CVSS5.3AI score0.00456EPSS
Exploits0References8Affected Software1
susecve
susecve
added 2026/04/23 1:23 a.m.8 views

SUSE CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.7AI score0.00456EPSS
Exploits0References3
vulnersosv
vulnersosv
added 2026/04/22 9:31 a.m.7 views

org.apache.httpcomponents.client5:httpclient5-cache (=5.6-alpha1), org.apache.httpcomponents.client5:httpclient5-fluent (=5.6-alpha1) +2 more potentially affected by CVE-2026-40542 via org.apache.httpcomponents.client5:httpclient5 (=5.6-alpha1)

org.apache.httpcomponents.client5:httpclient5 MAVEN version =5.6-alpha1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.httpcomponents.client5:httpclient5 and may be impacted: - org.apache.httpcomponents.client5:httpclient5-cache =5.6-alpha1...

7.3CVSS5.8AI score0.00456EPSS
Exploits0
euvd
euvd
added 2026/04/22 9:31 a.m.7 views

EUVD-2026-24630

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.7AI score0.00456EPSS
Exploits0References2
osv
osv
added 2026/04/22 9:31 a.m.6 views

GHSA-V468-QCJX-R72W Apache HttpClient accepts SCRAM-SHA-256 authentication without proper mutual authentication verification

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.8AI score0.00456EPSS
Exploits0References5
nvd
nvd
added 2026/04/22 8:16 a.m.13 views

CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS0.00456EPSS
Exploits0References5
ubuntucve
ubuntucve
added 2026/04/22 8:16 a.m.4 views

CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.8AI score0.00456EPSS
Exploits0References2
osv
osv
added 2026/04/22 8:16 a.m.5 views

UBUNTU-CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.8AI score0.00456EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/04/22 7:7 a.m.6 views

CVE-2026-40542 Apache HttpClient: SCRAM-SHA-256 mutual authentication bypass may cause the client to accept authentication without proper mutual authentication verification

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

5.7AI score0.00456EPSS
Exploits0References1
osv
osv
added 2026/04/22 7:7 a.m.3 views

CVE-2026-40542 Apache HttpClient: SCRAM-SHA-256 mutual authentication bypass may cause the client to accept authentication without proper mutual authentication verification

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.9AI score0.00456EPSS
Exploits0References8
debiancve
debiancve
added 2026/04/22 7:7 a.m.15 views

CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.3AI score0.00456EPSS
Exploits0
cvelist
cvelist
added 2026/04/22 7:7 a.m.36 views

CVE-2026-40542 Apache HttpClient: SCRAM-SHA-256 mutual authentication bypass may cause the client to accept authentication without proper mutual authentication verification

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

0.00456EPSS
Exploits0References1
Rows per page
Query Builder