Lucene search
K

9 matches found

SUSE CVE
SUSE CVE
added 2026/04/06 11:25 p.m.4 views

SUSE CVE-2026-27018

Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for CVE-2024-21527 can be bypassed using mixed-case or uppercase URL schemes. This issue has been patched in version 8.29.0...

8.8CVSS5.7AI score0.00538EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/31 10:58 p.m.5 views

CVE-2026-27018

Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for CVE-2024-21527 can be bypassed using mixed-case or uppercase URL schemes. This issue has been patched in version 8.29.0...

8.8CVSS5.7AI score0.00574EPSS
Exploits1References1
NVD
NVD
added 2026/03/30 9:17 p.m.4 views

CVE-2026-27018

Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for CVE-2024-21527 can be bypassed using mixed-case or uppercase URL schemes. This issue has been patched in version 8.29.0...

8.8CVSS0.00538EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/30 4:16 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through improper handling of case-insensitive URL schemes in the FilterDeadline function. An attacker can access arbitrary files within the container by submitting URLs with mixed-case or uppercase schem...

8.8CVSS6AI score0.00538EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/30 4:16 p.m.1 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through improper handling of case-insensitive URL schemes in the FilterDeadline function. An attacker can access arbitrary files within the container by submitting URLs with mixed-case or uppercase schem...

8.8CVSS6AI score0.00538EPSS
Exploits1References3
Amazon
Amazon
added 2023/08/25 12:0 a.m.17 views

Important: ecs-service-connect-agent

Issue Overview: Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some...

9.8CVSS6.9AI score0.01106EPSS
Exploits3
BDU FSTEC
BDU FSTEC
added 2023/07/28 12:0 a.m.5 views

The vulnerability of the Envoy proxy server, related to errors in processing mixed-case schemes in HTTP/2, allows attackers to gain access to protected data.

The vulnerability of the Envoy proxy server is related to errors in the processing of mixed-case schemes in HTTP/2. Exploiting this vulnerability can allow a remote attacker to gain access to protected data...

8.5CVSS6.7AI score0.00598EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2023/07/26 4:47 p.m.43 views

CVE-2023-35944

A flaw was found in Envoy that allows for mixed-case schemes in HTTP/2. However, some internal scheme checks in Envoy are case-sensitive, leading to incorrect handling of requests and responses with mixed case schemes. For example, if a request with a mixed scheme HTTP is sent to the OAuth2 filte...

8.2CVSS6.8AI score0.00598EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/07/25 12:0 a.m.4 views

PT-2023-3901 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.27.0 Envoy versions prior to 1.26.4 Envoy versions prior to 1.25.9 Envoy versions prior to 1.24.10 Envoy versions prior to 1.23.12 Description: The issue is related to the handling of mixed-case schemes in HTTP/2 by...

8.5CVSS6.8AI score0.00598EPSS
Exploits1References11
Rows per page
Query Builder