Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

121519 matches found

Vulnrichment
Vulnrichmentadded 2026/05/03 3:30 p.m.9 views

CVE-2026-7701 Telegram Desktop Bot API url_auth_box.cpp RequestButton null pointer dereference

A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/urlauthbox.cpp of the component Bot API. The manipulation of the argument loginurl leads to null pointer dereference. It is...

5.3CVSS5.4AI score0.00394EPSS
Exploits0References4
OSV
OSVadded 2026/05/03 9:58 a.m.7 views

OESA-2026-2193 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: Insufficient restrictions in header/trailer handling could cause uncapped memory usage.CVE-2026-22815 An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation.CVE-2026-34513 An attacker who...

9.1CVSS5.7AI score0.00461EPSS
Exploits0References10
OSV
OSVadded 2026/05/03 9:56 a.m.12 views

OESA-2026-2148 pdfbox security update

Apache PDFBox is an open source Java PDF library for working with PDF documents. This project allows creation of new PDF documents, manipulation of existing documents and the ability to extract content from documents. Apache PDFBox also includes several command line utilities. Apache PDFBox is...

4.3CVSS5.7AI score0.00711EPSS
Exploits0References2
NVD
NVDadded 2026/05/03 1:15 a.m.27 views

CVE-2026-40561

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

5.3CVSS0.00378EPSS
Exploits0References4
OSV
OSVadded 2026/05/03 1:15 a.m.9 views

DEBIAN-CVE-2026-40561

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2026/05/03 1:15 a.m.6 views

CVE-2026-40561

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References2
OSV
OSVadded 2026/05/03 1:15 a.m.4 views

UBUNTU-CVE-2026-40561

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/03 12:57 a.m.59 views

CVE-2026-40561 Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

0.00378EPSS
Exploits0References3
Debian CVE
Debian CVEadded 2026/05/03 12:57 a.m.6 views

CVE-2026-40561

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

5.3CVSS5.8AI score0.00378EPSS
Exploits0
Vulnrichment
Vulnrichmentadded 2026/05/03 12:57 a.m.4 views

CVE-2026-40561 Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

5.8AI score0.00378EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/03 12:57 a.m.29 views

EUVD-2026-26806

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

5.8AI score0.00378EPSS
Exploits0References2
AlpineLinux
AlpineLinuxadded 2026/05/03 12:57 a.m.8 views

CVE-2026-40561

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

5.3CVSS5.8AI score0.00378EPSS
Exploits0
ATTACKERKB
ATTACKERKBadded 2026/05/03 12:57 a.m.2 views

CVE-2026-40561

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

5.8AI score0.00378EPSS
Exploits0References3
CVE
CVEadded 2026/05/03 12:57 a.m.29 views

CVE-2026-40561

CVE-2026-40561 affects Starlet for Perl (versions through 0.31). The root cause is improper header precedence: when both Content-Length and Transfer-Encoding: chunked are present, Starlet prioritizes Content-Length, violating RFC 7230 section 3.3.3, where Transfer-Encoding must take precedence. T...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessusadded 2026/05/03 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-40561

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes Content-Length over...

5.3CVSS5.4AI score0.00378EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/03 12:0 a.m.15 views

PT-2026-36646

Name of the Vulnerable Software and Affected Versions Starlet versions prior to 0.32 Description Starlet for Perl allows HTTP Request Smuggling due to improper header precedence. The software incorrectly prioritizes the Content-Length header over Transfer-Encoding: chunked when both are present i...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References14
ATTACKERKB
ATTACKERKBadded 2026/05/02 1:0 p.m.5 views

CVE-2026-7629

A flaw has been found in kleneway awesome-cursor-mpc-server up to 2.0.1. Impacted is the function runCodeReviewTool of the file src/tools/codeReview.ts of the component Ccode-Review Tool. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has...

6.5CVSS6.3AI score0.0111EPSS
Exploits0References7Affected Software1
CVE
CVEadded 2026/05/02 12:0 p.m.11 views

CVE-2026-7628

The CVE-2026-7628 affects crazyrabbitLTC mcp-code-review-server (up to version 0.1.0). The vulnerability is in RepoMix Command Handler’s function executeRepomix (src/repomix.ts), where a manipulation yields command injection. Exploitation can be remote, and public exploit code is available. The i...

6.5CVSS6.3AI score0.0111EPSS
Exploits0References7
ATTACKERKB
ATTACKERKBadded 2026/05/02 12:0 p.m.4 views

CVE-2026-7628

A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. Performing a manipulation results in command injection. The attack may be initiated remotely. The...

6.5CVSS5.6AI score0.0111EPSS
Exploits0References7Affected Software1
Cvelist
Cvelistadded 2026/05/02 11:0 a.m.30 views

CVE-2026-7627 8nite metatrader-4-mcp sync_ea_from_file index.ts CallToolRequestSchema path traversal

A security vulnerability has been detected in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function CallToolRequestSchema of the file src/index.ts of the component synceafromfile. Such manipulation of the argument eaname leads to path traversal. The attack can be launched remotely...

6.5CVSS0.00344EPSS
Exploits0References5
Rows per page
Query Builder