Lucene search
+L

13 matches found

redhat
redhat
added 2026/06/10 8:25 p.m.7 views

undertow: Undertow: Request smuggling via inconsistent header parsing

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks,...

9.1CVSS5.4AI score0.00704EPSS
Exploits0References4
cve
cve
added 2026/03/27 4:13 p.m.45 views

CVE-2026-28368

A vulnerability (CVE-2026-28368) affects Undertow and involves a discrepancy in header parsing between Undertow and upstream proxies, enabling HTTP request smuggling. Reported across multiple sources (NVD, Debian/Ubuntu OSV, Circl, GitHub advisories, and Nessus plugin) with confirmed references t...

9.1CVSS5.9AI score0.00704EPSS
Exploits0References4Affected Software10
redhat
redhat
added 2026/03/24 10:39 a.m.5 views

python: cpython: URL parser allowed square brackets in domain names

A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs...

6.3CVSS6.6AI score0.01499EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/03/20 7:6 a.m.8 views

CVE-2026-33055

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

8.1CVSS7.3AI score0.00688EPSS
Exploits2References4Affected Software1
redhatcve
redhatcve
added 2026/03/10 8:31 a.m.5 views

CVE-2026-25960

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. A remote attacker can exploit this Server-Side Request Forgery SSRF bypass vulnerability in the loadfromurlasync method. The flaw occurs because the URL validation and the actual HTTP request handling use...

9.8CVSS5.7AI score0.00485EPSS
Exploits1References7
cvelist
cvelist
added 2026/03/09 9:1 p.m.38 views

CVE-2026-25960 SSRF Protection Bypass in vLLM

vLLM is an inference and serving engine for large language models LLMs. The SSRF protection fix for CVE-2026-24779 add in 0.15.1 can be bypassed in the loadfromurlasync method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. The SSRF fix uses...

7.1CVSS0.00485EPSS
Exploits1References4
cnnvd
cnnvd
added 2026/03/09 12:0 a.m.6 views

vLLM 代码问题漏洞

vLLM is an open-source inference and service engine designed for LLM models, featuring high throughput and efficient memory usage. Version vLLM 0.17.0 contains a code vulnerability. This vulnerability stems from inconsistencies in URL parsing between the verification layer and the actual HTTP...

9.8CVSS5.9AI score0.00485EPSS
Exploits1References4
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-43204

Malicious code in bioql PyPI...

8.8CVSS6.7AI score0.01252EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-2342

Malicious code in bioql PyPI...

7.8CVSS7.5AI score0.00321EPSS
Exploits1References8
osv
osv
added 2025/01/31 6:15 p.m.7 views

AZL-56231 CVE-2025-0938 affecting package python3 for versions less than 3.12.9-1

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

6.3CVSS6.7AI score0.01499EPSS
Exploits0References1
osv
osv
added 2025/01/31 6:15 p.m.5 views

UBUNTU-CVE-2025-0938

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

6.3CVSS6.7AI score0.01499EPSS
Exploits0References9
cnnvd
cnnvd
added 2024/05/03 12:0 a.m.9 views

Softing Secure Integration Server 安全漏洞

Softing Secure Integration Server is a secure integration server from Softing Germany. It provides a powerful OPC UA data integration layer and supports interface abstraction, aggregation, data preprocessing, and security supervision. A security vulnerability exists in Softing Secure Integration...

8.8CVSS7AI score0.01252EPSS
Exploits0References2
gitlab
gitlab
added 2023/08/31 12:0 a.m.5 views

Filename spoofing in archive

An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing...

7.8CVSS7.1AI score0.00321EPSS
Exploits1References8Affected Software1
Rows per page
Query Builder