Lucene search
K

276 matches found

CNVD
CNVD
added 2025/05/14 12:0 a.m.2 views

D-Link DIR-880L /htdocs/ssdpcgi File Command Injection Vulnerability

The D-Link DIR-880L is a dual-band Gigabit wireless router from China's AUO D-Link. The D-Link DIR-880L suffers from a command injection vulnerability, which arises from the failure of the file /htdocs/ssdpcgi in the component Request Header Handler to correctly filter the constructed command...

9.8CVSS6.5AI score0.1651EPSS
Exploits0References1
OSV
OSV
added 2025/05/08 5:43 a.m.10 views

BIT-MASTODON-2023-49952

Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header...

7.5CVSS7.5AI score0.00458EPSS
Exploits0References3
OSV
OSV
added 2025/05/07 7:11 p.m.9 views

RLSA-2024:2987 Moderate: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...

7.8CVSS7.9AI score0.04268EPSS
Exploits5References6
OSV
OSV
added 2025/05/07 5:43 a.m.4 views

BIT-MASTODON-2024-34535

In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header...

5.9CVSS6.8AI score0.00371EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/05/06 8:31 a.m.9 views

CVE-2025-4341 D-Link DIR-880L Request Header ssdpcgi sub_16570 command injection

A vulnerability classified as critical was found in D-Link DIR-880L up to 104WWb01. Affected by this vulnerability is the function sub16570 of the file /htdocs/ssdpcgi of the component Request Header Handler. The manipulation of the argument HTTPST/REMOTEADDR/REMOTEPORT/SERVERID leads to command...

6.5CVSS7.5AI score0.1651EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/04/25 12:0 a.m.4 views

react-router 数据伪造问题漏洞

react-router is a declarative routing for React open-sourced by Remix. A data forgery issue vulnerability exists in versions of react-router prior to 7.5.2, which stems from the possible modification of pre-rendered data by adding a request header...

8.2CVSS7.3AI score0.00737EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/31 12:0 a.m.11 views

CVE-2024-54809

Netgear Inc WNR854T 1.5.2 North America contains a stack-based buffer overflow vulnerability in the parsestheader function due to use of a request header parameter in a strncpy where size is determined based on the input specified. By sending a specially crafted packet, an attacker can take contr...

8.3AI score0.00654EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2025/03/29 2:12 a.m.242 views

Exploit for CVE-2025-29927

CVE-2025-29927 - Next.js Middleware Authorization Bypass PoC...

9.1CVSS7.5AI score0.99621EPSS
Exploits58
GithubExploit
GithubExploit
added 2025/03/29 2:12 a.m.529 views

Exploit for CVE-2025-29927

CVE-2025-29927 - Next.js Middleware Authorization Bypass PoC...

9.1CVSS7.5AI score0.99621EPSS
Exploits58
CNVD
CNVD
added 2025/03/13 12:0 a.m.7 views

Apache Camel Arbitrary Command Execution Vulnerability (CNVD-2025-05168)

Apache Camel is the United States Apache Apache Foundation of a set of open source based on Enterprise Integration Pattern Enterprise Integration Pattern , referred to as EIP integration framework. The framework provides Enterprise Integration Pattern Java objects POJO implementation , and throug...

5.6CVSS7.7AI score0.79817EPSS
Exploits4References1
CNVD
CNVD
added 2025/03/13 12:0 a.m.13 views

Apache Camel Arbitrary Command Execution Vulnerability

Apache Camel is the United States Apache Apache Foundation of a set of open source based on Enterprise Integration Pattern Enterprise Integration Pattern , referred to as EIP integration framework. The framework provides Enterprise Integration Pattern Java objects POJO implementation , and throug...

5.6CVSS7.7AI score0.79817EPSS
Exploits3References1
CNVD
CNVD
added 2025/02/18 12:0 a.m.7 views

Cisco Secure Web Appliance Input Validation Error Vulnerability

Cisco Secure Web Appliance is an application from Cisco USA. An input validation error vulnerability exists in Cisco Secure Web Appliance that stems from improper handling of HTTP request headers and can be exploited by an attacker to download malicious files...

5.8CVSS6.6AI score0.00423EPSS
Exploits0References1
OSV
OSV
added 2025/02/14 5:58 p.m.7 views

GHSA-XX4V-PRFH-6CGC @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long sequence of spaces followed by a newline and "@", an attacker can exploit inefficient regular expression processin...

5.3CVSS5.5AI score0.0058EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/02/04 12:0 a.m.6 views

Discourse 访问控制错误漏洞

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. Discourse suffers from an Access Control Error vulnerability that stems from the fact that an attacker can contaminate the anonymous cache with a...

8.2CVSS6.5AI score0.00247EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/12/12 9:31 a.m.49 views

Withdrawn Advisory: undertow: information leakage via HTTP/2 request header reuse

Withdrawn Advisory This advisory has been withdrawn because it was determined to not be a valid vulnerability. This link is maintained to preserve external references. For more information, see https://nvd.nist.gov/vuln/detail/CVE-2024-4109. Original Description A flaw was found in Undertow. An...

5.2AI score
Exploits0References12Affected Software1
NVD
NVD
added 2024/12/12 9:15 a.m.42 views

CVE-2024-4109

Rejected reason: Red Hat Product Security has determined that this CVE is not a security vulnerability...

Exploits0
CVE
CVE
added 2024/12/12 9:4 a.m.230 views

CVE-2024-4109

CVE-2024-4109 is linked to information leakage in Undertow when handling HTTP/2 header reuse. Affected product: Red Hat JBoss Enterprise Application Platform (EAP) 7.x on RHEL7/RHEL8 as referenced by RHSA advisories (e.g., 7.1.12 on RHEL7 and 7.3.15). Root cause: Undertow HTTP/2 handling allows l...

7.3AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/12/12 9:4 a.m.37 views

CVE-2024-4109

...

5.4AI score
Exploits0
Cvelist
Cvelist
added 2024/12/12 9:4 a.m.61 views

CVE-2024-4109

...

Exploits0
RedhatCVE
RedhatCVE
added 2024/12/12 8:40 a.m.45 views

CVE-2024-4109

A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests...

4.8AI score
Exploits0References4
Rows per page
Query Builder