Lucene search
+L

130 matches found

UbuntuCve
UbuntuCve
added 2026/03/06 7:16 p.m.2 views

CVE-2025-69649

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into displayrelocations, resulting in a segmentation fault SIGSEGV and...

7.5CVSS5.9AI score0.00256EPSS
Exploits1References3
OSV
OSV
added 2026/03/06 5:50 p.m.13 views

CVE-2026-3419 Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation

Fastify incorrectly accepts malformed Content-Type headers containing trailing characters after the subtype token, in violation of RFC 9110 §8.3.1https://httpwg.org/specs/rfc9110.htmlfield.content-type. For example, a request sent with Content-Type: application/json garbage passes validation and ...

5.3CVSS5.9AI score0.00351EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.5 views

PT-2026-23739

Name of the Vulnerable Software and Affected Versions GNU Binutils versions through 2.46 Description The software contains a flaw where a null pointer dereference can occur when processing a specially crafted ELF binary with incorrectly formatted header fields. This happens during relocation...

5.5CVSS5.8AI score0.00256EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/26 1:45 a.m.2 views

CVE-2026-27959 Koa has Host Header Injection via `ctx.hostname`

Koa is middleware for Node.js using ES2017 async functions. Prior to versions 3.1.2 and 2.16.4, Koa's ctx.hostname API performs naive parsing of the HTTP Host header, extracting everything before the first colon without validating the input conforms to RFC 3986 hostname syntax. When a malformed...

7.5CVSS5.9AI score0.00334EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2026/02/20 12:0 a.m.163 views

📄 Apache Traffic Server 9.2.5 Denial of Service

Proof of concept remote denial of service exploit for Apache Traffic Server versions 9.2.0 through 9.2.5 that leverages the host header. ============================================================================================================================================= | Title : Apache...

7.5CVSS5.4AI score0.00941EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.9 views

PT-2026-43329

Name of the Vulnerable Software and Affected Versions Starlette versions prior to 1.0.1 Description Starlette, a lightweight ASGI Asynchronous Server Gateway Interface framework, fails to validate the HTTP Host request header before using it to reconstruct the request.url. While the routing...

6.5CVSS6.8AI score0.01438EPSS
Exploits2References309
Github Security Blog
Github Security Blog
added 2026/01/21 1:5 a.m.15 views

Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash

Impact A denial-of-service vulnerability due to improper input validation allows a remote attacker to crash the service via a malformed HTTP header. Allows crashing the process with data coming from the network when used with, for example, an HTTP server. Most common way of using Swift W3C Trace...

5.3CVSS5.7AI score0.00392EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2026/01/21 1:5 a.m.4 views

GHSA-MVPQ-2V8X-WW6G Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash

Impact A denial-of-service vulnerability due to improper input validation allows a remote attacker to crash the service via a malformed HTTP header. Allows crashing the process with data coming from the network when used with, for example, an HTTP server. Most common way of using Swift W3C Trace...

5.3CVSS5.8AI score0.00392EPSS
Exploits0References6
GitLab Advisory Database
GitLab Advisory Database
added 2026/01/21 12:0 a.m.11 views

Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash

A denial-of-service vulnerability due to improper input validation allows a remote attacker to crash the service via a malformed HTTP header. Allows crashing the process with data coming from the network when used with, for example, an HTTP server. Most common way of using Swift W3C Trace Context...

5.3CVSS5.6AI score0.00392EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/01/21 12:0 a.m.11 views

Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash

A denial-of-service vulnerability due to improper input validation allows a remote attacker to crash the service via a malformed HTTP header. Allows crashing the process with data coming from the network when used with, for example, an HTTP server. Most common way of using Swift W3C Trace Context...

5.3CVSS5.6AI score0.00392EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/20 9:22 p.m.5 views

CVE-2026-23886

Swift W3C TraceContext is a Swift implementation of the W3C Trace Context standard, and Swift OTel is an OpenTelemetry Protocol OTLP backend for Swift Log, Swift Metrics, and Swift Distributed Tracing. Prior to Swift W3C TraceContext version 1.0.0-beta.5 and Swift OTel version 1.0.4, a...

5.3CVSS5.7AI score0.00392EPSS
Exploits0References1
NVD
NVD
added 2026/01/19 9:15 p.m.9 views

CVE-2026-23886

Swift W3C TraceContext is a Swift implementation of the W3C Trace Context standard, and Swift OTel is an OpenTelemetry Protocol OTLP backend for Swift Log, Swift Metrics, and Swift Distributed Tracing. Prior to Swift W3C TraceContext version 1.0.0-beta.5 and Swift OTel version 1.0.4, a...

5.3CVSS0.00392EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/19 9:1 p.m.5 views

CVE-2026-23886

Swift W3C TraceContext is a Swift implementation of the W3C Trace Context standard, and Swift OTel is an OpenTelemetry Protocol OTLP backend for Swift Log, Swift Metrics, and Swift Distributed Tracing. Prior to Swift W3C TraceContext version 1.0.0-beta.5 and Swift OTel version 1.0.4, a...

5.3CVSS5.7AI score0.00392EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/01/19 9:1 p.m.14 views

CVE-2026-23886

The CVE-2026-23886 affects the Swift W3C TraceContext component and the Swift OTel OTLP backend when used together; versions prior to 1.0.0-beta.5 (TraceContext) and 1.0.4 (OTel) are vulnerable to a denial-of-service via malformed HTTP headers that fail input validation and can crash the process ...

5.3CVSS5.7AI score0.00392EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/19 9:1 p.m.6 views

CVE-2026-23886 Swift W3C TraceContext has malformed HTTP header that can cause a crash

Swift W3C TraceContext is a Swift implementation of the W3C Trace Context standard, and Swift OTel is an OpenTelemetry Protocol OTLP backend for Swift Log, Swift Metrics, and Swift Distributed Tracing. Prior to Swift W3C TraceContext version 1.0.0-beta.5 and Swift OTel version 1.0.4, a...

5.3CVSS5.7AI score0.00392EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.13 views

PT-2026-3508

Name of the Vulnerable Software and Affected Versions Swift W3C TraceContext versions prior to 1.0.0-beta.5 Swift OTel versions prior to 1.0.4 Description A flaw exists in Swift W3C TraceContext and Swift OTel due to insufficient input validation. This can lead to a denial-of-service condition,...

5.3CVSS5.4AI score0.00392EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/01/07 4:4 p.m.42 views

CVE-2025-12543 Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without...

9.6CVSS0.01179EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2026/01/07 9:38 a.m.11 views

CVE-1999-0798

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type...

10CVSS7.2AI score0.01641EPSS
Exploits0References1
OSV
OSV
added 2025/12/04 10:37 p.m.5 views

CVE-2025-66564 Sigstore Timestamp Authority allocates excessive memory during request parsing

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...

7.5CVSS6.7AI score0.00411EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2003-1044

Malware in sbrugna...

5CVSS6.2AI score0.07124EPSS
Exploits1References6
Rows per page
Query Builder