Lucene search
K

60 matches found

Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.6 views

PT-2025-39077

Name of the Vulnerable Software and Affected Versions Stocky POS with Inventory Management & HRM ui-lib version 5.0 Description Stocky POS with Inventory Management & HRM ui-lib version 5.0 is affected by a Stored Cross-Site Scripting XSS issue within the Products module, accessible to...

5.4CVSS5.4AI score0.00236EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2025/08/29 4:24 p.m.6 views

Versity panic induced by AWS chunked data sent to port

Sending AWS chunk data with no Content-Length HTTP header causes the panic, every time. Reproduction Setup versity server running on port 7071, no SSL for ease of packet tracing with tshark. Problem can be reproduced with or without SSL on the versity end. Use nginx to reverse proxy on port 7070...

7.1AI score
Exploits0References4Affected Software1
OSV
OSV
added 2025/08/29 4:24 p.m.2 views

GHSA-V2CH-C8V8-FGR7 Versity panic induced by AWS chunked data sent to port

Sending AWS chunk data with no Content-Length HTTP header causes the panic, every time. Reproduction Setup versity server running on port 7071, no SSL for ease of packet tracing with tshark. Problem can be reproduced with or without SSL on the versity end. Use nginx to reverse proxy on port 7070...

8.7CVSS7.1AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-46728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming...

7.5CVSS7.1AI score0.00603EPSS
Exploits1References3
Wired Threat Level
Wired Threat Level
added 2025/07/15 7:40 p.m.7 views

The FBI's Jeffrey Epstein Prison Video Had Nearly 3 Minutes Cut Out

Metadata from the “raw” Epstein prison video shows approximately 2 minutes and 53 seconds were removed from one of two stitched-together clips. The cut starts right at the “missing minute.”...

7.4AI score
Exploits0
OSV
OSV
added 2025/06/06 2:4 p.m.2 views

OESA-2025-1613 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size...

7.5CVSS6.9AI score0.00603EPSS
Exploits1References2
OSV
OSV
added 2025/06/06 2:4 p.m.5 views

OESA-2025-1611 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size...

7.5CVSS6.9AI score0.00603EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2025/05/08 11:39 a.m.3 views

SUSE CVE-2025-46728

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...

7.5CVSS7.1AI score0.00603EPSS
Exploits1References3
Snyk
Snyk
added 2025/05/06 1:43 a.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of incoming HTTP requests with Transfer-Encoding: chunked or without a Content-Length header. An attacker can cause uncontrolled memory allocation on the server b...

9.2CVSS7AI score0.00603EPSS
Exploits1References2
OSV
OSV
added 2025/05/06 1:15 a.m.2 views

DEBIAN-CVE-2025-46728

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...

7.5CVSS7.3AI score0.00603EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/11 12:0 a.m.6 views

CVE-2025-27912

An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when 1 Entra ID or OpenID Connect authentication is in use and a user visits a compromised/malicious site, or 2 when username/password or Active Directory authentication is in use and a...

8.8CVSS8.7AI score0.00175EPSS
Exploits0References2
OSV
OSV
added 2024/12/18 3:2 p.m.3 views

GHSA-C4PW-33H3-35XW Atro CSRF Middleware Bypass (security.checkOrigin)

Summary A bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. Details When the security.checkOrigin configuration option is set to true, Astro middleware will perform a CSRF check. Source code:...

5.9CVSS6AI score0.00213EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2024/10/31 7:54 a.m.15 views

CVE-2024-10086

A flaw was found in Consul and Consul Enterprise. This vulnerability allows reflected Cross-site scripting XSS attacks via missing Content-Type HTTP header in server responses, enabling misinterpretation of user-provided inputs. Mitigation Mitigation for this issue is either not available or the...

6.1CVSS5.9AI score0.00427EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/07/11 12:0 a.m.5 views

SAP Enable Now 跨站脚本漏洞

SAP Enable Now is a collaborative content creation, management and sharing platform from SAP. The platform is primarily used for online learning and training in SAP and non-SAP systems. A cross-site scripting vulnerability exists in SAP Enable Now that stems from an unimplemented...

6.1CVSS5.8AI score0.00345EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/06/07 12:0 a.m.11 views

The vulnerability of the ABB eSOMS software for managing production processes allows a hacker to execute arbitrary code.

The vulnerability of the ABB eSOMS software for managing production processes is related to the absence of the X-Content-Type-Options Header in the HTTP response. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

6.1CVSS6.7AI score0.01047EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/08/17 9:15 p.m.4 views

CVE-2022-2547

A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22...

7.5CVSS5.8AI score0.01297EPSS
Exploits0References2
OSV
OSV
added 2019/10/12 8:15 p.m.5 views

CVE-2019-17502

Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. read.c, request.c, and util.c contribute to this. The processheaderend function calls boaatoi, which ultimately calls atoi on a NULL pointer...

7.5CVSS7.2AI score0.01704EPSS
Exploits1References2
OSV
OSV
added 2016/09/21 2:25 p.m.4 views

DEBIAN-CVE-2016-6801

Cross-site request forgery CSRF vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the...

8.8CVSS7.3AI score0.02293EPSS
Exploits0References1
OSV
OSV
added 2016/09/21 2:25 p.m.6 views

UBUNTU-CVE-2016-6801

Cross-site request forgery CSRF vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the...

8.8CVSS7.4AI score0.02293EPSS
Exploits0References5
Exploit DB
Exploit DB
added 2007/08/13 12:0 a.m.37 views

WengoPhone 2.x - SIP Phone Remote Denial of Service

/main.cpp/ include include using namespace std; ifdef WIN32 include pragma commentlib, "ws232.lib" define close closesocket define writea,b,c senda, b, c, 0 define writetoa,b,c,d,e sendtoa, b, c, 0, d, e define reada,b,c recva, b, c, 0 define readfroma,b,c,d,e recvfroma, b, c, 0, d, e else includ...

7.4AI score
Exploits0
Rows per page
Query Builder