12 matches found

NVD
added 2026/04/24 3:16 a.m.

CVE-2026-33318

Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowin...

CVSS 8.8 · EPSS 0.00472
Exploits 1 · References 2
NVD
added 2026/03/17 10:16 a.m.

CVE-2026-3633

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the soup_message_new function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage Return Line Feed) injection, occurs because the method value is not properly...

CVSS 6.5 · EPSS 0.00223
Exploits 1 · References 3
RedhatCVE
added 2026/01/09 12:41 p.m.

CVE-2023-25753

There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter. Of particular concern is our ability...

CVSS 6.5 · AI score 6.9 · EPSS 0.00838
Exploits 0 · References 1
Tenable Nessus
added 2025/08/20 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2020-26137

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the...

CVSS 6.5 · AI score 7.1 · EPSS 0.02269
Exploits 0 · References 2
OSV
added 2023/11/29 8:15 p.m.

DEBIAN-CVE-2023-49082

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request e.g. insert a new header or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if th...

CVSS 5.3 · AI score 6.1 · EPSS 0.0094
Exploits 1 · References 1
OSV
added 2023/11/29 8:15 p.m.

UBUNTU-CVE-2023-49082

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request e.g. insert a new header or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if th...

CVSS 5.3 · AI score 6.3 · EPSS 0.0094
Exploits 1 · References 7
PyPA
added 2023/11/29 8:15 p.m.

PYSEC-2023-251

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request e.g. insert a new header or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if th...

CVSS 5.3 · AI score 6.7 · EPSS 0.0094
Exploits 1 · References 6 · Affected Software 1
Github Security Blog
added 2023/11/27 11:17 p.m.

aiohttp's ClientSession is vulnerable to CRLF injection via method

Summary: Improper validation makes it possible for an attacker to modify the HTTP request, e.g. insert a new header or even create a new HTTP request, if the attacker controls the HTTP method. Details: The vulnerability occurs only if the attacker can control the HTTP method (GET, POST, etc.) of the...

CVSS 5.3 · AI score 4.9 · EPSS 0.0094
Exploits 1 · References 10 · Affected Software 1
Github Security Blog
added 2023/10/19 9:30 a.m.

Apache Shenyu Server Side Request Forgery vulnerability

There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter. Of particular concern is our ability...

CVSS 6.5 · AI score 6.6 · EPSS 0.00838
Exploits 0 · References 4 · Affected Software 2
Vulnrichment
added 2023/10/19 8:35 a.m.

CVE-2023-25753 Server-Side Request Forgery in Apache ShenYu

There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter. Of particular concern is our ability...

AI score 6.9 · EPSS 0.00838
Exploits 0 · References 1
GitLab Advisory Database
added 2022/05/24 12:00 a.m.

Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio

Duplicate advisory: This advisory has been withdrawn because it is a duplicate of GHSA-9324-jv53-9cc8. This link is maintained to preserve external references. Original Description: The dio package prior to 5.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a...

AI score 6.6
Exploits 0 · References 6 · Affected Software 1
Positive Technologies
added 2021/04/15 12:00 a.m.

PT-2021-19283 · Dio · Dio

Name of the Vulnerable Software and Affected Versions: dio package versions prior to 5.0.0. Description: The issue allows CRLF injection if the attacker controls the HTTP method string. This is a different issue than previously identified problems. Recommendations: For dio package versions prior t...

CVSS 7.5 · AI score 7.6 · EPSS 0.01158
Exploits 1 · References 13