Lucene search
K

12 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-49098

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...

5.3CVSS0.00212EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42551

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod unconditionally honors the X-HTTP-Method-Override header and the $REQUEST'method' parameter on any HTTP verb including safe verbs such as GET, with no opt-in and no whitelist of permitted target methods. A GET...

7.5CVSS5.5AI score0.0031EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 8:16 p.m.41 views

CVE-2026-42551

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod unconditionally honors the X-HTTP-Method-Override header and the $REQUEST'method' parameter on any HTTP verb including safe verbs such as GET, with no opt-in and no whitelist of permitted target methods. A GET...

7.5CVSS0.0031EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 7:23 p.m.6 views

CVE-2026-42551

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod unconditionally honors the X-HTTP-Method-Override header and the $REQUEST'method' parameter on any HTTP verb including safe verbs such as GET, with no opt-in and no whitelist of permitted target methods. A GET...

7.5CVSS5.8AI score0.0031EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

Flight 安全漏洞

Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained security vulnerabilities. These vulnerabilities stemmed from the unconditional acceptance of the X-HTTP-Method-Override header and the$REQUESTmethod parameter by the Request::getMethod method. This...

7.5CVSS5.8AI score0.0031EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/06 9:38 p.m.11 views

Flight: HTTP method override enabled by default, facilitating CSRF escalation and middleware bypass

Summary Request::getMethod unconditionally honors the X-HTTP-Method-Override header and the $REQUEST'method' parameter on any HTTP verb including safe verbs such as GET, with no opt-in and no whitelist of permitted target methods. A GET request can silently become a DELETE or PUT, enabling CSRF...

7.5CVSS5.8AI score0.0031EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-10913

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the overrid...

9.8CVSS7.3AI score0.01854EPSS
Exploits0References2
Snyk
Snyk
added 2023/10/12 12:0 a.m.1 views

Improper Preservation of Consistency Between Independent Representations of Shared State

Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Improper Preservation of Consistency Between Independent Representations of Shared State due to the improper handling of the X-HTTP-Method-Override...

6.9CVSS6.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/04/26 12:0 a.m.5 views

PT-2023-23000

Name of the Vulnerable Software and Affected Versions ESPv2 versions 2.20.0 through 2.42.0 Description The issue allows API clients to bypass JWT authentication by crafting a malicious X-HTTP-Method-Override header value under specific conditions. This occurs when the requested HTTP method is not...

9.8CVSS7.2AI score0.00649EPSS
Exploits0References13
CNVD
CNVD
added 2020/07/22 12:0 a.m.3 views

SilverStripe Environment Issues Vulnerabilities

SilverStripe is New Zealand SilverStripe company's set of open source programming framework and content management system CMS. The system has support for multiple languages , cross-platform and other features . A security vulnerability exists in Silverstripe 4.4.4 and previous versions. An attack...

5.9CVSS7AI score0.00758EPSS
Exploits0References1
OSV
OSV
added 2019/05/16 10:29 p.m.4 views

UBUNTU-CVE-2019-10913

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to...

9.8CVSS7.3AI score0.01854EPSS
Exploits0References3
NVD
NVD
added 2018/06/07 2:29 a.m.21 views

CVE-2017-16136

method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed...

7.5CVSS7.4AI score0.01215EPSS
Exploits0References1
Rows per page
Query Builder