Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

121143 matches found

NVD
NVDadded 2026/05/26 10:16 p.m.13 views

CVE-2026-48710

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS0.01002EPSS
Exploits2References10
OSV
OSVadded 2026/05/26 10:16 p.m.6 views

UBUNTU-CVE-2026-48710

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS5.8AI score0.01002EPSS
Exploits2References6
Vulnrichment
Vulnrichmentadded 2026/05/26 10:1 p.m.7 views

CVE-2026-45298 Dozzle: Pre-auth SSRF with response-body reflection via POST /api/notifications/test-webhook (default no-auth deploy)

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy the documented quickstart, no DOZZLEAUTHPROVIDER set, POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that...

8.6CVSS5.9AI score0.01285EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/05/26 9:54 p.m.10 views

CVE-2026-48710

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS5.8AI score0.01002EPSS
Exploits2References8Affected Software1
Cvelist
Cvelistadded 2026/05/26 9:54 p.m.33 views

CVE-2026-48710 Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS0.01002EPSS
Exploits2References7
Debian CVE
Debian CVEadded 2026/05/26 9:54 p.m.11 views

CVE-2026-48710

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS5.8AI score0.01002EPSS
Exploits2
CVE
CVEadded 2026/05/26 9:54 p.m.164 views

CVE-2026-48710

Starlette (Python ASGI framework) contains a Host header validation issue in versions before 1.0.1. The HTTP Host header was not validated when reconstructing request.url, while routing relies on the raw path and request.url, allowing a malformed Host header to make request.url.path differ from t...

6.5CVSS5.8AI score0.01002EPSS
Exploits2References10Affected Software1
AlpineLinux
AlpineLinuxadded 2026/05/26 9:54 p.m.13 views

CVE-2026-48710

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS5.8AI score0.01002EPSS
Exploits2
NVD
NVDadded 2026/05/26 9:16 p.m.10 views

CVE-2026-48592

Missing Authorization vulnerability in oban-bg obanweb 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handleevent"save-job", ... handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling cancel,...

5.3CVSS0.0041EPSS
Exploits0References4
NVD
NVDadded 2026/05/26 9:16 p.m.8 views

CVE-2026-45412

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via workflowtemplate Import. Authenticated users can supply arbitrary URLs in workflowtemplate.downloadUrl which are fetched server-side without any URL validation or internal IP filtering. This vulnerability is fixed in...

6.3CVSS0.00207EPSS
Exploits0References1
NVD
NVDadded 2026/05/26 9:16 p.m.9 views

CVE-2026-44836

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview...

6.5CVSS0.00343EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/26 8:14 p.m.8 views

CVE-2026-9423

A security flaw has been discovered in Edimax BR-6675nD 1.12. Impacted is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. The exploit has been releas...

5.8CVSS5.6AI score0.02153EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/26 8:14 p.m.9 views

CVE-2026-9363

A vulnerability was detected in Edimax EW-7438RPn 1.12. This issue affects the function formEZCHNwlanSetup of the file /goform/formEZCHNwlanSetu of the component POST Request Handler. Performing a manipulation of the argument method results in command injection. Remote exploitation of the attack ...

6.5CVSS6.4AI score0.01364EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/26 8:14 p.m.10 views

CVE-2026-9297

A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of the argument repeaterSSID leads to command injection. The attack may be initiated remotely. The...

6.5CVSS6.4AI score0.01525EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/26 8:14 p.m.12 views

CVE-2026-9296

A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument...

6.5CVSS6.4AI score0.01495EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/26 8:14 p.m.10 views

EUVD-2026-31985

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via workflowtemplate Import. Authenticated users can supply arbitrary URLs in workflowtemplate.downloadUrl which are fetched server-side without any URL validation or internal IP filtering. This vulnerability is fixed in...

6.3CVSS5.9AI score0.00207EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/26 8:14 p.m.8 views

CVE-2026-45412 MaxKB: Unauthenticated SSRF via Workflow Template Import

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via workflowtemplate Import. Authenticated users can supply arbitrary URLs in workflowtemplate.downloadUrl which are fetched server-side without any URL validation or internal IP filtering. This vulnerability is fixed in...

6.3CVSS5.9AI score0.00207EPSS
Exploits0References1
CVE
CVEadded 2026/05/26 8:14 p.m.16 views

CVE-2026-45412

MaxKB (enterprise AI) is affected by SSRF in the work_flow_template component prior to version 2.9.1. An authenticated user could supply arbitrary URLs to work_flow_template.downloadUrl, and the server would fetch them without URL validation or internal IP filtering, enabling server-side requests...

6.3CVSS5.9AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/26 8:14 p.m.10 views

CVE-2026-47075

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

7.5CVSS5.9AI score0.00394EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/05/26 8:14 p.m.15 views

CVE-2026-47072

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the interna...

7.5CVSS6AI score0.00482EPSS
Exploits1References1
Rows per page
Query Builder