Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

121603 matches found

EUVD
EUVDadded 2026/04/02 6:31 p.m.4 views

EUVD-2025-209188

A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12. Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue. A workaround for older versions is to...

7.5CVSS5.9AI score0.00673EPSS
Exploits0References2
EUVD
EUVDadded 2026/04/02 6:31 p.m.3 views

EUVD-2025-209190

Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1. Users are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue...

7.5CVSS5.8AI score0.00428EPSS
Exploits0References2
Snyk
Snykadded 2026/04/02 6:19 p.m.6 views

Improper Validation of Syntactic Correctness of Input

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

6.5CVSS5.9AI score0.00192EPSS
Exploits1References2
NVD
NVDadded 2026/04/02 6:16 p.m.9 views

CVE-2026-5414

A security flaw has been discovered in Newgen OmniDocs up to 12.0.00. Affected by this issue is some unknown functionality of the file /omnidocs/WebApiRequestRedirection. The manipulation of the argument DocumentId results in improper control of resource identifiers. The attack may be performed...

6.9CVSS0.00315EPSS
Exploits0References4
OSV
OSVadded 2026/04/02 6:16 p.m.3 views

UBUNTU-CVE-2026-34835

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...

6.5CVSS5.8AI score0.00192EPSS
Exploits1References4
CVE
CVEadded 2026/04/02 6:15 p.m.13 views

CVE-2026-5417

Dataease SQLbot up to 1.6.0 contains an SSRF issue in the Elasticsearch Handler. The vulnerability is in get_es_data_by_http (backend/apps/db/es_engine.py) where argument address is manipulated, potentially allowing a remote attack. Public exploit disclosures exist. Upgrading to Dataease SQLbot 1...

5.8CVSS5.5AI score0.00218EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/04/02 6:0 p.m.3 views

CVE-2026-5414 Newgen OmniDocs WebApiRequestRedirection resource injection

A security flaw has been discovered in Newgen OmniDocs up to 12.0.00. Affected by this issue is some unknown functionality of the file /omnidocs/WebApiRequestRedirection. The manipulation of the argument DocumentId results in improper control of resource identifiers. The attack may be performed...

6.9CVSS5.5AI score0.00315EPSS
Exploits0References4
EUVD
EUVDadded 2026/04/02 5:23 p.m.5 views

EUVD-2026-18446

Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the POST /public/v1/upload-from-url endpoint accepts a user-supplied URL and fetches it server-side using axios.get with no SSRF protections. The only validation is a file extension check .png, .jpg, etc. which is trivially...

8.3CVSS5.8AI score0.00267EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/04/02 5:20 p.m.3 views

CVE-2026-34121 Authentication Bypass in DS Configuration Service via HTTP Request Parsing Differential of TP-Link Tapo C520WS

An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an...

8.7CVSS6.1AI score0.00447EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/04/02 5:20 p.m.14 views

CVE-2026-34121 Authentication Bypass in DS Configuration Service via HTTP Request Parsing Differential of TP-Link Tapo C520WS

An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an...

8.7CVSS0.00447EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/04/02 5:19 p.m.1 views

CVE-2026-34119 Heap-based Buffer Overflow Vulnerability Leading to Denial-of-Service in TP-Link Tapo C520WS

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous write‑boundary verification, due to insufficient boundary validation when handling externally supplied HTTP input. An...

7.1CVSS6.2AI score0.00228EPSS
Exploits0References3
CVE
CVEadded 2026/04/02 5:19 p.m.11 views

CVE-2026-34118

Summary (CVE-2026-34118): A heap-based buffer overflow in TP-Link Tapo C520WS (v2.6) occurs in the HTTP POST body parsing due to missing validation of remaining buffer capacity after dynamic allocation, i.e., insufficient boundary validation for externally supplied HTTP input. An attacker on the ...

7.1CVSS6.1AI score0.00259EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/02 5:19 p.m.3 views

CVE-2026-34118

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary validation when handling externally supplied HTTP input. An...

7.1CVSS6.1AI score0.00259EPSS
Exploits0References4
NVD
NVDadded 2026/04/02 5:16 p.m.3 views

CVE-2025-65114

Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1. Users are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue...

7.5CVSS0.00428EPSS
Exploits0References1
OSV
OSVadded 2026/04/02 5:16 p.m.2 views

DEBIAN-CVE-2025-65114

Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1. Users are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue...

7.5CVSS5.2AI score0.00428EPSS
Exploits0References1
NVD
NVDadded 2026/04/02 5:16 p.m.4 views

CVE-2025-58136

A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12. Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue. A workaround for older versions is to...

7.5CVSS0.00673EPSS
Exploits0References1
OSV
OSVadded 2026/04/02 5:16 p.m.2 views

DEBIAN-CVE-2025-58136

A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12. Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue. A workaround for older versions is to...

7.5CVSS7.6AI score0.00673EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2026/04/02 5:16 p.m.3 views

CVE-2025-65114

Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1. Users are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue...

7.5CVSS5.8AI score0.00428EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2026/04/02 5:16 p.m.2 views

CVE-2025-58136

A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12. Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue. A workaround for older versions is to...

7.5CVSS5.9AI score0.00673EPSS
Exploits0References1
OSV
OSVadded 2026/04/02 5:16 p.m.2 views

UBUNTU-CVE-2025-58136

A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12. Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue. A workaround for older versions is to...

7.5CVSS5.8AI score0.00673EPSS
Exploits0References2
Rows per page
Query Builder