45 matches found

OSV
added 2026/05/29 9:32 p.m. | 13 views

GHSA-55RJ-X2VC-4WHQ Symfony: Twilio SMS Notifier allows unauthenticated webhook injection due to missing X-Twilio-Signature verification

Description: The Twilio SMS notifier bridge ships a webhook request parser used to authenticate and decode the status callbacks Twilio POSTs to an application's webhook endpoint. Its doParseRequest $request, \SensitiveParameter string $secret method receives the configured webhook secret but never...

CVSS 8.2 | AI score 5.8 | EPSS 0.00026
Exploits 0 | References 6

Snyk
added 2026/01/07 2:8 a.m. | 1 views

Malicious Package

Overview: redis-request-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 6.8
Exploits 0 | References 2

OSSF Malicious Packages
added 2026/01/06 4:45 a.m. | 12 views

Malicious code in redis-request-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c98c3985913e00b5e728a27ab47c68589ba0e478f576fa6ed9aed1c42d229972 The package redis-request-parser was found to contain malicious code. Source: ghsa-malware...

AI score 6.8
Exploits 0 | References 1

EUVD
added 2026/01/06 4:45 a.m. | 6 views

EUVD-2026-1128

Malicious code in redis-request-parser npm...

AI score 6.6
Exploits 0

OSV
added 2026/01/06 4:45 a.m. | 5 views

MAL-2026-71 Malicious code in redis-request-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c98c3985913e00b5e728a27ab47c68589ba0e478f576fa6ed9aed1c42d229972 The package redis-request-parser was found to contain malicious code. Source: ghsa-malware...

AI score 6.8
Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2008-4658

Malware in sbrugna...

CVSS 7.8 | AI score 6.4 | EPSS 0.01916
Exploits 1 | References 7

Snyk
added 2025/09/10 11:49 a.m. | 3 views

Malicious Package

Overview: xml-request-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 6.8
Exploits 0 | References 2

OSV
added 2025/09/10 11:49 a.m. | 4 views

MAL-2025-47024 Malicious code in xml-request-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21f1d42d43604327ee124527dd04dcb37f13b0d2c46a4f2dc3e3764c7b2000bb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 1

OSSF Malicious Packages
added 2025/09/10 11:49 a.m. | 4 views

Malicious code in xml-request-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21f1d42d43604327ee124527dd04dcb37f13b0d2c46a4f2dc3e3764c7b2000bb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 1

Positive Technologies
added 2024/11/18 12:0 a.m. | 7 views

PT-2024-8690

Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.10.11. Description: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A flaw exists in the Python parser's handling of newlines within chunk extensions, potentially leading to request...

CVSS 7.5 | AI score 7.1 | EPSS 0.00576
Exploits 0 | References 211

BDU FSTEC
added 2024/10/21 12:0 a.m. | 5 views

The vulnerability of the AjpRequestParser class in the ajp-listener component of the Undertow web server allows an attacker to trigger a service failure.

The vulnerability of the AjpRequestParser class in the ajp-listener component of the Undertow web server is related to an uncontrolled resource consumption due to incorrect decoding of request paths. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 7.8 | AI score 6.9 | EPSS 0.01702
Exploits 0 | References 17 | Affected Software 9

Tenable Nessus
added 2024/04/27 12:0 a.m. | 52 views

RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.4.21 (RHSA-2018:2742)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2742 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...

CVSS 7.5 | AI score 7.5 | EPSS 0.20599
Exploits 0 | References 24

CVE
added 2023/07/19 7:39 p.m. | 163 views

CVE-2023-37276

CVE-2023-37276 affects aiohttp when used as an HTTP server (aiohttp.Application); vulnerable code is in the llhttp-based HTTP request parser bundled with aiohttp v3.8.4 and earlier. Exploitation can lead to HTTP request smuggling. The issue is addressed in aiohttp 3.8.5; upgrading is recommended....

CVSS 7.5 | AI score 6.2 | EPSS 0.01422
Exploits 1 | References 4 | Affected Software 1

Tenable Nessus
added 2023/06/29 12:0 a.m. | 16 views

Schneider Electric Modicon Improper Input Validation (CVE-2018-7761)

A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more informatio...

CVSS 9.8 | AI score 8.9 | EPSS 0.02138
Exploits 0 | References 2

Tenable Nessus
added 2023/03/10 12:0 a.m. | 59 views

Fedora 38 : python-django3 (2023-a74513bda8)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a74513bda8 advisory. Security fixes for CVE-2022-24580 and CVE-2023-41323. Tenable has extracted the preceding description block directly from the Fedora security advisor...

CVSS 7.5 | AI score 6.5 | EPSS 0.62575
Exploits 0 | References 4

Tenable Nessus
added 2023/03/05 12:0 a.m. | 41 views

Fedora 37 : python-django3 (2023-bde7913e5a)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-bde7913e5a advisory. Security fixes for CVE-2022-24580 and CVE-2023-41323. Tenable has extracted the preceding description block directly from the Fedora security advisor...

CVSS 7.5 | AI score 6.5 | EPSS 0.62575
Exploits 0 | References 4

Tenable Nessus
added 2023/03/05 12:0 a.m. | 31 views

Fedora 36 : python-django3 (2023-3d775d93be)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3d775d93be advisory. Security fixes for CVE-2022-24580 and CVE-2023-41323. Tenable has extracted the preceding description block directly from the Fedora security advisor...

CVSS 7.5 | AI score 6.5 | EPSS 0.62575
Exploits 0 | References 4

Tenable Nessus
added 2023/03/01 12:0 a.m. | 29 views

openSUSE 15 Security Update : python-Django (openSUSE-SU-2023:0062-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2023:0062-1 advisory. An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs...

CVSS 7.5 | AI score 6.4 | EPSS 0.62575
Exploits 0 | References 3

Tenable Nessus
added 2023/02/20 12:0 a.m. | 28 views

Debian dla-3329 : python-django - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3329 advisory. Debian LTS Advisory DLA-3329-1 https://www.debian.org/lts/security/...

CVSS 7.5 | AI score 6.4 | EPSS 0.62575
Exploits 0 | References 4

GitHub Security Blog
added 2023/02/15 3:30 a.m. | 53 views

Resource exhaustion in Django

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for ...

CVSS 7.5 | AI score 7.5 | EPSS 0.62575
Exploits 0 | References 23 | Affected Software 1