
103 matches found

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: l2tp: Pass the correct message length to ip6_append_data. l2tp_ip6_sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To address this issue, we chec...

CVSS 5.5, AI score 6.3, EPSS 0.00252
Exploits: 0, References: 2
EUVD
added 2026/06/15 9:55 p.m., 7 views

EUVD-2026-37013

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

CVSS 7.6, AI score 5.3, EPSS 0.00273
Exploits: 0, References: 4
Cvelist
added 2026/06/04 1:34 p.m., 32 views

CVE-2026-10860 MISP CRUDComponent delete validation bypass via operator precedence error

A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE method. Due to missing parentheses in the delete condition, the expression was evaluated as $validationError === null && POST || DELETE, meaning a DELETE request...

CVSS 7.9, EPSS 0.00197
Exploits: 0, References: 1
Vulnrichment
added 2026/06/04 1:34 p.m., 8 views

CVE-2026-10860 MISP CRUDComponent delete validation bypass via operator precedence error

A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE method. Due to missing parentheses in the delete condition, the expression was evaluated as $validationError === null && POST || DELETE, meaning a DELETE request...

CVSS 7.9, AI score 5.8, EPSS 0.00197
Exploits: 0, References: 1
CVE
added 2026/06/04 1:34 p.m., 12 views

CVE-2026-10860

In CVE-2026-10860, a logic error in the MISP CRUD component delete handler bypasses validation due to missing parentheses in the delete condition, allowing a DELETE request to proceed even when the delete validation callback rejects the operation. An authenticated attacker with access to an affec...

CVSS 7.9, AI score 5.8, EPSS 0.00197
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2026/05/14 12:0 a.m., 15 views

PT-2026-41139

Impact: A Python operator precedence bug in pyzipper/zipfile aes.py caused the AE-2 format to never be automatically selected during encryption, regardless of file size or compression type. As a result, all encrypted entries are written in AE-1 format unless AE-2 is explicitly forced by the caller...

CVSS 6.2, AI score 5.8, EPSS 0.00009
Exploits: 0, References: 4
OSV
added 2026/05/13 7:0 a.m., 25 views

MGASA-2026-0130 Updated perl-Gazelle packages fix security vulnerability

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. CVE-2026-40562...

CVSS 7.5, AI score 5.8, EPSS 0.00319
Exploits: 0, References: 4
RedhatCVE
added 2026/05/10 8:21 a.m., 13 views

CVE-2026-7270

An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve(2) argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privileges...

CVSS 7.8, AI score 6, EPSS 0.00179
Exploits: 1, References: 1
GithubExploit
added 2026/05/09 3:13 a.m., 135 views

Exploit for Operator Precedence Logic Error in Freebsd

CVE-2026-7270 FreeBSD local privilege escalation via exec...

CVSS 7.8, AI score 5.8, EPSS 0.00179
Exploits: 1
Tenable Nessus
added 2026/05/08 12:0 a.m., 5 views

Fedora 42 : perl-Starman (2026-4cca750484)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4cca750484 advisory. Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes Content-Length over...

CVSS 7.5, AI score 5.8, EPSS 0.00487
Exploits: 0, References: 2
Mageia
added 2026/05/07 5:6 a.m., 24 views

Updated perl-Starlet packages fix security vulnerability

Starlet versions through 0.31 for Perl allow HTTP Request Smuggling via Improper Header Precedence. CVE-2026-40561...

CVSS 5.3, AI score 5.8, EPSS 0.00378
Exploits: 0, References: 3
OSV
added 2026/05/07 5:6 a.m., 8 views

MGASA-2026-0120 Updated perl-Starlet packages fix security vulnerability

Starlet versions through 0.31 for Perl allow HTTP Request Smuggling via Improper Header Precedence. CVE-2026-40561...

CVSS 5.3, AI score 5.8, EPSS 0.00378
Exploits: 0, References: 4
Tenable Nessus
added 2026/05/07 12:0 a.m., 3 views

Fedora 44 : perl-Starman (2026-5bb108e1b7)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5bb108e1b7 advisory. Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes Content-Length over...

CVSS 7.5, AI score 5.8, EPSS 0.00487
Exploits: 0, References: 2
ATTACKERKB
added 2026/05/06 12:36 p.m., 11 views

CVE-2026-40562

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

CVSS 7.5, AI score 5.8, EPSS 0.00319
Exploits: 0, References: 3
CVE
added 2026/05/06 12:36 p.m., 19 views

CVE-2026-40562

Gazelle for Perl (versions up to 0.49) is affected by HTTP Request Smuggling due to improper header precedence: Content-Length is prioritized over Transfer-Encoding: chunked when both headers are present, contravening RFC 7230 section 3.3.3. This can enable smuggling of requests via a front-end r...

CVSS 7.5, AI score 5.8, EPSS 0.00319
Exploits: 0, References: 4, Affected Software: 1
Vulnrichment
added 2026/05/06 12:36 p.m., 6 views

CVE-2026-40562 Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

AI score 5.8, EPSS 0.00319
Exploits: 0, References: 3
Positive Technologies
added 2026/05/06 12:0 a.m., 20 views

PT-2026-37626

Name of the Vulnerable Software and Affected Versions: Gazelle versions prior to 0.50. Description: Improper header precedence allows HTTP Request Smuggling. The software incorrectly prioritizes the Content-Length header over Transfer-Encoding: chunked when both are present in an HTTP request,...

CVSS 7.5, AI score 5.8, EPSS 0.00319
Exploits: 0, References: 10
AlpineLinux
added 2026/05/03 12:57 a.m., 8 views

CVE-2026-40561

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

CVSS 5.3, AI score 5.8, EPSS 0.00378
Exploits: 0
ATTACKERKB
added 2026/05/03 12:57 a.m., 2 views

CVE-2026-40561

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

AI score 5.8, EPSS 0.00378
Exploits: 0, References: 3
CVE
added 2026/05/03 12:57 a.m., 29 views

CVE-2026-40561

CVE-2026-40561 affects Starlet for Perl (versions through 0.31). The root cause is improper header precedence: when both Content-Length and Transfer-Encoding: chunked are present, Starlet prioritizes Content-Length, violating RFC 7230 section 3.3.3, where Transfer-Encoding must take precedence. T...

CVSS 5.3, AI score 5.8, EPSS 0.00378
Exploits: 0, References: 4, Affected Software: 1