Lucene search
K

72 matches found

Positive Technologies
Positive Technologies
added 2026/01/16 12:0 a.m.6 views

PT-2026-3247

Name of the Vulnerable Software and Affected Versions The Librarian affected versions not specified Description The Librarian software has an information leakage issue stemming from the web fetch tool. This allows an attacker to retrieve arbitrary external content, potentially using The Librarian...

7.5CVSS6AI score0.00342EPSS
Exploits0References7
CVE
CVE
added 2026/01/06 12:0 a.m.16 views

CVE-2025-60534

CVE-2025-60534 affects Blue Access Cobalt v02.000.195. The issue is an authentication bypass that lets an attacker selectively proxy requests to operate functionality in the web application without valid credentials. Primary impact is high (CVSS: 9.8, Network attacker, no privileges required, no ...

9.8CVSS6.8AI score0.00652EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.6 views

PT-2026-1461

Name of the Vulnerable Software and Affected Versions Blue Access Cobalt version 02.000.195 Description Blue Access Cobalt version 02.000.195 is subject to an authentication bypass. This allows an attacker to selectively proxy requests to operate functionality within the web application without...

9.8CVSS6.7AI score0.00652EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.6 views

EulerOS Virtualization 2.13.0 : httpd (EulerOS-SA-2025-2578)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of...

9.1CVSS7.5AI score0.03914EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-26863

Malware in sbrugna...

7.5CVSS7.5AI score0.01367EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-51019

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00756EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-54774

Malicious code in bioql PyPI...

7.5CVSS6.2AI score0.00772EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2025/08/08 5:9 p.m.8 views

K000152924: Apache HTTP Server vulnerability CVE-2024-43204

Security Advisory Description SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a valu...

7.5CVSS6.8AI score0.00772EPSS
Exploits0Affected Software1
Ubuntu
Ubuntu
added 2025/07/16 5:25 p.m.14 views

USN-7639-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled certain Content-Type response headers. A remote attacker could possibly use this issue to perform HTTP response splitting attacks. CVE-2024-42516 xiaojunjie discovered that the Apache HTTP Server modproxy module incorrectly handled...

9.1CVSS7.5AI score0.04409EPSS
Exploits2
OSV
OSV
added 2025/07/16 5:25 p.m.6 views

USN-7639-1 apache2 vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled certain Content-Type response headers. A remote attacker could possibly use this issue to perform HTTP response splitting attacks. CVE-2024-42516 xiaojunjie discovered that the Apache HTTP Server modproxy module incorrectly handled...

9.1CVSS7.1AI score0.04409EPSS
Exploits2References8
NVD
NVD
added 2025/07/10 5:15 p.m.5 views

CVE-2024-43204

SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...

7.5CVSS0.00772EPSS
Exploits0References4
OSV
OSV
added 2025/07/10 5:15 p.m.5 views

CVE-2024-43204

SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...

7.5CVSS5.8AI score
Exploits0References4
OSV
OSV
added 2025/07/10 5:15 p.m.4 views

ALPINE-CVE-2024-43204

SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...

7.5CVSS6.9AI score0.00772EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/10 4:54 p.m.84 views

CVE-2024-43204 Apache HTTP Server: SSRF with mod_headers setting Content-Type header

SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...

0.00772EPSS
Exploits0References1
CVE
CVE
added 2025/07/10 4:54 p.m.241 views

CVE-2024-43204

CVE-2024-43204 affects Apache HTTP Server when mod_proxy is loaded. The vulnerability permits SSRF by sending outbound proxy requests to a URL controlled by the attacker, requiring an unlikely configuration in which mod_headers modifies the Content-Type header with a value provided in the HTTP re...

7.5CVSS6.4AI score0.00772EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/18 2:15 p.m.7 views

CVE-2025-47791

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3, a currently unused endpoint to verify a share recipient was not protected correctly, allowing to proxy requests...

5.3CVSS6.8AI score0.00314EPSS
Exploits0References1
NVD
NVD
added 2025/05/16 3:15 p.m.12 views

CVE-2025-47791

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3, a currently unused endpoint to verify a share recipient was not protected correctly, allowing to proxy requests...

5.3CVSS0.00314EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/16 2:9 p.m.15 views

CVE-2025-47791 Nextcloud Server's test remote endpoint is not rate limited

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3, a currently unused endpoint to verify a share recipient was not protected correctly, allowing to proxy requests...

4.3CVSS7AI score0.00314EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/16 12:0 a.m.4 views

Nextcloud 代码问题漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A code issue vulnerability exists in Nextcloud versions prior to 28.0.13, prior to 29.0.10, and prior to 30.0.3, which stems from not properly securing a...

5.3CVSS6.8AI score0.00314EPSS
Exploits0References4
OSV
OSV
added 2025/02/11 5:15 p.m.5 views

CVE-2025-24472

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to...

8.1CVSS5.8AI score0.02988EPSS
Exploits0References2
Rows per page
Query Builder