Lucene search
K

276 matches found

OSV
OSV
added 2025/12/05 11:15 a.m.5 views

UBUNTU-CVE-2025-66200

moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...

5.4CVSS5.8AI score0.00591EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/11/06 11:32 p.m.7 views

KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer

Summary Short summary of the problem. Make the impact and severity as clear as possible. A flawed implementation of the Kubernetes aggregation layer's authentication flow could enable bypassing RBAC controls. Details Give all details on the vulnerability. Pointing to the incriminated source code ...

4.7CVSS7.6AI score0.00139EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/29 2:16 a.m.15 views

CVE-2025-12344

A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from...

6.5CVSS6.4AI score0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/28 1:32 a.m.10 views

CVE-2025-12344 Yonyou U8 Cloud Request Header NCloudGatewayServlet unrestricted upload

A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from...

6.5CVSS0.00234EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/28 1:32 a.m.2 views

CVE-2025-12344 Yonyou U8 Cloud Request Header NCloudGatewayServlet unrestricted upload

A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from...

6.5CVSS6.2AI score0.00234EPSS
Exploits0References4
CVE
CVE
added 2025/10/28 1:32 a.m.14 views

CVE-2025-12344

Summary : CVE-2025-12344 affects Yonyou U8 Cloud up to 5.1sp. The vulnerability lies in an unknown function within /service/NCloudGatewayServlet (Request Header Handler) where manipulation of the ts/sign argument enables an unrestricted file upload. Exploitation can be performed remotely, and pub...

6.5CVSS6.2AI score0.00234EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-0334

Malware in sbrugna...

9.8CVSS9.1AI score0.01799EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2008-1690

Malware in sbrugna...

5CVSS6.4AI score0.01719EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2000-0835

Malware in sbrugna...

10CVSS6.4AI score0.06412EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-23851

Malware in sbrugna...

5.3CVSS5.2AI score0.01313EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-0797

Malware in sbrugna...

6.1CVSS6.2AI score0.02758EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-35120

Malicious code in bioql PyPI...

8.2CVSS6AI score0.00453EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-47952

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00601EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-0544

Malicious code in bioql PyPI...

7.5CVSS7.3AI score0.01613EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/08/23 3:10 p.m.5 views

CVE-2025-48956

A flaw was found in vLLM. A denial of service DoS vulnerability can be triggered by sending a single HTTP GET request with an extremely large X-Forwarded-For header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does n...

7.5CVSS6.2AI score0.00527EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/13 11:19 a.m.10 views

CVE-2025-50125

A CWE-918: Server-Side Request Forgery SSRF vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs and manipulation of host request header...

6.3CVSS7.5AI score0.00463EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:59 a.m.14 views

CVE-2023-49952

Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header...

7.5CVSS6.8AI score0.00458EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 6:37 p.m.7 views

CVE-2021-32813

Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation,...

8.1CVSS6.8AI score0.011EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:37 p.m.11 views

CVE-2020-36309

ngxhttpluamodule aka lua-nginx-module before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header...

5.3CVSS6.7AI score0.01313EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:48 p.m.6 views

CVE-2020-23776

A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request...

7.5CVSS6.8AI score0.00786EPSS
Exploits1
Rows per page
Query Builder