Lucene search
K

121698 matches found

Vulnrichment
Vulnrichment
added 2026/04/21 1:59 p.m.5 views

CVE-2025-31958 HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...

3.7CVSS5.8AI score0.00177EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/21 1:59 p.m.30 views

CVE-2025-31958 HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...

3.7CVSS0.00177EPSS
Exploits0References1
OSV
OSV
added 2026/04/21 12:0 p.m.7 views

RUSTSEC-2026-0109 Broken hard revocation handling

Before sq-git checks if a commit can be authenticated, it first looks for hard revocations. Because parsing a policy is expensive and a project's policy rarely changes, sq-git has an optimization to only check a policy if it hasn't checked it before. It does this by maintaining a set of policies...

1.8CVSS5.5AI score
Exploits0References3
RustSec
RustSec
added 2026/04/21 12:0 p.m.10 views

Broken hard revocation handling

Before sq-git checks if a commit can be authenticated, it first looks for hard revocations. Because parsing a policy is expensive and a project's policy rarely changes, sq-git has an optimization to only check a policy if it hasn't checked it before. It does this by maintaining a set of policies...

5.4AI score
Exploits0Affected Software1
OSV
OSV
added 2026/04/21 11:42 a.m.6 views

SUSE-SU-2026:21366-1 Security update for tomcat11

This update for tomcat11 fixes the following issues: - Update to Tomcat 11.0.21 - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OC...

9.1CVSS7.4AI score0.15831EPSS
Exploits6References21
NVD
NVD
added 2026/04/21 9:16 a.m.5 views

CVE-2025-13826

Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is...

8.2CVSS0.00253EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/21 8:19 a.m.31 views

CVE-2025-13826 Incorrect input validation on the Zervit portable HTTP/Web server

Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is...

8.2CVSS0.00253EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 12:16 a.m.7 views

CVE-2026-41302

OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...

7.6CVSS0.00223EPSS
Exploits0References3
OSV
OSV
added 2026/04/21 12:16 a.m.9 views

DEBIAN-CVE-2026-35587

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery SSRF vulnerability exists in the Glances IP plugin due to improper validation of the publicapi configuration parameter. The value of publicapi is used directly in outbound HTTP...

8.8CVSS5.7AI score0.00396EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2026/04/21 12:0 a.m.132 views

📄 ASP.net 8.0.10 Core Kestrel HTTP Request Smuggling

This Metasploit auxiliary module targets a critical HTTP request smuggling vulnerability in ASP.NET Core Kestrel caused by improper parsing of malformed chunked transfer encoding notably LF-only line handling and case-variant headers like chUnKEd...

9.9CVSS5.8AI score0.66258EPSS
Exploits5
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.10 views

PT-2026-34053

Name of the Vulnerable Software and Affected Versions mailcow: dockerized versions prior to 2026-03b Description The admin dashboard Autodiscover logs fail to perform HTML escaping on the EMailAddress value, which is logged as the user field. An unauthenticated attacker can submit a crafted...

9.3CVSS5.8AI score0.0028EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010920)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010920 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks When the driver hits -ENOMEM at allocating a URB or a...

5.5CVSS5.8AI score0.00149EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-007032)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007032 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling cryptofinalizerequest, BH should be...

5.5CVSS5.8AI score0.00231EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.9 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010828)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010828 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Do not sleep in atomic context sgfinishremreq calls blkrqunmapuser. The latter function...

5.8AI score0.00168EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006896)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006896 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling cryptofinalizerequest, BH should be...

5.5CVSS5.8AI score0.00231EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010703)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010703 advisory. In the Linux kernel, the following vulnerability has been resolved: block: don't call rqqosops-donebio if the bio isn't tracked rqqos framework is only applied on...

5.5CVSS6AI score0.00222EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.12 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 had code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing mechanism in the market plugin download function, which could allow attackers to...

7.6CVSS5.9AI score0.00236EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.7 views

Oracle MySQL Server 安全漏洞

Oracle MySQL Server is an open source relational database management system with an InnoDB component that provides transaction-safe storage engine functionality. A denial of service vulnerability exists in Oracle MySQL Server. The vulnerability stems from the InnoDB component failing to properly...

4.9CVSS7.2AI score0.00242EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.215 contained security vulnerabilities. These vulnerabilities stemmed from the MailboxesController::updateSave function, which...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.9 views

PT-2026-33976

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...

3.7CVSS5.8AI score0.00177EPSS
Exploits0References2
Rows per page
Query Builder