Positive Technologies (added 2026/04/01 12:0 a.m.)

PT-2026-29549

A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attack...

CVSS 6.1 | AI score 6.2 | EPSS 0.00242 | Exploits 0 | References 2
Positive Technologies (added 2026/04/01 12:0 a.m.)

PT-2026-29540

Exposure of sensitive information in the user MFA feature in Devolutions Server allows users with user management privileges to obtain other users' OTP keys via an authenticated API request. This issue affects Server: from 2026.1.6 through 2026.1.11...

AI score 5.9 | EPSS 0.00224 | Exploits 0 | References 2
CNNVD (added 2026/04/01 12:0 a.m.)

Frostmourne code issue vulnerability

Frostmourne is a multi-data-source monitoring and alerting system developed by AutohomeCorp. Frostmourne 1.0 and earlier versions contain a code issue vulnerability, which stems from incorrect operations on the file...

CVSS 6.5 | AI score 6.7 | EPSS 0.00201 | Exploits 0 | References 4
Redos (added 2026/04/01 12:0 a.m.)

ROS-20260401-73-0046

The vulnerability in the Python Waitress server is related to a flaw in HTTP request handling. Exploiting it allows a remote attacker to affect data integrity...

CVSS 7.5 | AI score 5.9 | EPSS 0.01738 | Exploits 0
Tenable Nessus (added 2026/04/01 12:0 a.m.)

Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2026-1525)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1525 advisory. Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names (e.g., Content-Length and content-length). This produces malformed HTTP/1.1 request...

CVSS 9.8 | AI score 7.2 | EPSS 0.0115 | Exploits 0 | References 12
Tenable Nessus (added 2026/04/01 12:0 a.m.)

Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2026-1526)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1526 advisory. Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names (e.g., Content-Length and content-length). This produces malformed HTTP/1.1 request...

CVSS 9.8 | AI score 7.1 | EPSS 0.0115 | Exploits 0 | References 14
OSV (added 2026/03/31 11:11 p.m.)

GHSA-PH84-R98X-2J22 Admidio has Missing CSRF Protection on Registration Approval Actions

Summary: The createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file, which correctly validates the token, these three approval actions read thei...

CVSS 4.5 | AI score 6 | EPSS 0.00169 | Exploits 1 | References 4
GitHub Security Blog (added 2026/03/31 11:11 p.m.)

Admidio has Missing CSRF Protection on Registration Approval Actions

Summary: The createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file, which correctly validates the token, these three approval actions read thei...

CVSS 7.3 | AI score 6 | EPSS 0.00169 | Exploits 1 | References 4 | Affected Software 1
OSV (added 2026/03/31 11:10 p.m.)

GHSA-G3MX-8JM6-RC85 Admidio has Missing CSRF Protections on Custom List Deletion in mylist_function.php

Reported by: Juan Felipe Oz (@JF0x0r, LinkedIn). Summary: The delete mode handler in mylist_function.php permanently deletes list configurations without validating a CSRF token. An attacker who can lure an authenticated user to a malicious page can silently destroy that user's list configurations...

CVSS 4.6 | AI score 6 | EPSS 0.00123 | Exploits 1 | References 4
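The three Admidio entries above share one defect class: a state-changing action mode that is reachable by GET and performs no CSRF token check, while a sibling mode in the same file does check one. The following is an added example, not Admidio's code: the request, session and `pending` store are constructed dicts standing in for the framework objects, and the function names are assumptions. It shows the inconsistent check beside a handler that requires POST and a session-bound token for every state-changing mode.

```python
import hmac
import secrets

# Added example, not Admidio's code: request, session and `pending` are plain
# dicts standing in for the framework's objects.

APPROVAL_MODES = {"createuser", "assignmember", "assignuser"}
STATE_CHANGING_MODES = APPROVAL_MODES | {"deleteuser"}


def issue_csrf_token(session):
    """Bind a fresh random token to the session; every form embeds it."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def csrf_token_valid(session, supplied):
    """Constant-time comparison of the submitted token with the session's."""
    expected = session.get("csrf_token")
    if not expected or not supplied:
        return False
    return hmac.compare_digest(expected.encode(), supplied.encode())


def handle_registration_vulnerable(request, session, pending):
    """The inconsistency the advisory describes: only deleteuser checks."""
    params = request["params"]
    mode, uid = params.get("mode"), params.get("user_id")
    if mode == "deleteuser":
        if not csrf_token_valid(session, params.get("csrf_token")):
            return 403, "invalid CSRF token"
        pending.pop(uid, None)
        return 200, "deleted"
    if mode in APPROVAL_MODES:
        # Reachable by a plain GET: an <img src=...> on any page the admin
        # visits approves the registration with the admin's cookies.
        pending[uid] = "approved"
        return 200, mode
    return 400, "unknown mode"


def handle_registration_fixed(request, session, pending):
    """Every state-changing mode requires POST and a valid session token."""
    params = request["params"]
    mode, uid = params.get("mode"), params.get("user_id")
    if mode not in STATE_CHANGING_MODES:
        return 400, "unknown mode"
    if request["method"] != "POST":
        return 405, "state change requires POST"
    if not csrf_token_valid(session, params.get("csrf_token")):
        return 403, "invalid CSRF token"
    if uid not in pending:
        return 404, "no such pending registration"
    if mode == "deleteuser":
        del pending[uid]
        return 200, "deleted"
    pending[uid] = "approved"
    return 200, mode


if __name__ == "__main__":
    session = {}
    token = issue_csrf_token(session)
    forged = {"method": "GET", "params": {"mode": "createuser", "user_id": "42"}}
    print(handle_registration_vulnerable(forged, session, {"42": "pending"}))
    print(handle_registration_fixed(forged, session, {"42": "pending"}))
    legit = {"method": "POST", "params": {"mode": "createuser",
                                          "user_id": "42", "csrf_token": token}}
    print(handle_registration_fixed(legit, session, {"42": "pending"}))
```

The method restriction is defence in depth only: a cross-site POST is just as easy to forge with an auto-submitting form, so the token check is the control that actually stops the attack. The token is random per session and compared in constant time; it is not derived from anything the attacker can read.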
NVD (added 2026/03/31 10:16 p.m.)

CVE-2026-34441

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

CVSS 6.5 | EPSS 0.00196 | Exploits 1 | References 2
UbuntuCve (added 2026/03/31 10:16 p.m.)

CVE-2026-34441

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

CVSS 6.5 | AI score 5.7 | EPSS 0.00196 | Exploits 1 | References 3
OSV (added 2026/03/31 10:16 p.m.)

UBUNTU-CVE-2026-34441

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

CVSS 6.5 | AI score 5.7 | EPSS 0.00196 | Exploits 1 | References 4
OSV (added 2026/03/31 10:2 p.m.)

SUSE-SU-2026:1162-1 Security update for python-tornado

This update for python-tornado fixes the following issues:
- CVE-2025-67724: missing validation of the supplied reason phrase (bsc#1254903).
- CVE-2025-67725: Denial of Service (DoS) via maliciously crafted HTTP request caused by the HTTPHeaders.add method (bsc#1254905).
- CVE-2026-31958: parsing large...

CVSS 8.7 | AI score 6.4 | EPSS 0.00396 | Exploits 0 | References 8
EUVD (added 2026/03/31 9:31 p.m.)

EUVD-2026-17583

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this...

AI score 6 | EPSS 0.00313 | Exploits 1 | References 2
Cvelist (added 2026/03/31 9:28 p.m.)

CVE-2026-34443 FreeScout: SSRF protection bypass via broken CIDR check in checkIpByMask()

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, checkIpByMask in app/Misc/Helper.php checks whether the input IP contains a / character. Plain IP addresses never contain /, so the function always returns false without checking any CIDR...

CVSS 6.9 | EPSS 0.00277 | Exploits 1 | References 3
OSV (added 2026/03/31 9:28 p.m.)

CVE-2026-34443 FreeScout: SSRF protection bypass via broken CIDR check in checkIpByMask()

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, checkIpByMask in app/Misc/Helper.php checks whether the input IP contains a / character. Plain IP addresses never contain /, so the function always returns false without checking any CIDR...

CVSS 6.9 | AI score 5.8 | EPSS 0.00277 | Exploits 1 | References 5
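The FreeScout entries above describe a CIDR check that tests the input IP, rather than each mask, for a "/" and therefore never blocks a plain address. As an added example (not FreeScout's code; the function names and the denylist of ranges are assumptions), here is the broken pattern beside a correct IP-in-network check built on Python's ipaddress module, used as the kind of SSRF destination filter the Cisco Nexus Dashboard entry at the top of the page also concerns. It also handles IPv4-mapped IPv6 input, which the advisory does not mention but which a filter built on string checks typically misses.

```python
import ipaddress

# Added example, not FreeScout's code. BLOCKED_MASKS is a constructed set of
# ranges an SSRF destination filter commonly refuses.
BLOCKED_MASKS = [
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
]


def check_ip_by_mask_broken(ip, masks):
    """Reconstruction of the pattern in the advisory (not the project's
    source): the '/' test is applied to the IP instead of to each mask."""
    if "/" not in ip:
        return False          # plain addresses never contain '/', so nothing is blocked
    # Only reached when the caller already passed a CIDR, which callers
    # checking a resolved destination never do.
    return any(ip_in_mask(ip.split("/", 1)[0], m) for m in masks)


def normalize(ip):
    """Parse one address; unwrap IPv4-mapped IPv6 so ::ffff:127.0.0.1 is
    judged as 127.0.0.1 instead of slipping past the IPv4 ranges."""
    addr = ipaddress.ip_address(ip.strip().strip("[]"))
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def ip_in_mask(ip, mask):
    """True if `ip` lies inside the CIDR `mask` (a bare host address also works)."""
    addr = normalize(ip)
    net = ipaddress.ip_network(mask, strict=False)
    return addr.version == net.version and addr in net


def is_blocked(ip, masks=BLOCKED_MASKS):
    """Deny-by-default destination check for an outbound fetch."""
    try:
        return any(ip_in_mask(ip, m) for m in masks)
    except ValueError:
        return True           # unparseable input is refused, not passed through


if __name__ == "__main__":
    for target in ["127.0.0.1", "169.254.169.254", "::ffff:10.0.0.5", "93.184.216.34"]:
        print(f"{target:>18}  broken={check_ip_by_mask_broken(target, BLOCKED_MASKS)!s:5}"
              f"  fixed={is_blocked(target)}")
```

Run the check against the address the HTTP client actually connects to, after DNS resolution, not against the hostname in the URL; a hostname that resolves to an internal address, or that changes its answer between the check and the connect, bypasses a filter applied to the URL string alone.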
Cvelist (added 2026/03/31 9:21 p.m.)

CVE-2026-34441 cpp-httplib: HTTP Request Smuggling via Unconsumed GET Request Body

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

CVSS 4.8 | EPSS 0.00196 | Exploits 1 | References 2
ATTACKERKB (added 2026/03/31 9:21 p.m.)

CVE-2026-34441

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

CVSS 4.8 | AI score 5.7 | EPSS 0.00196 | Exploits 1 | References 3 | Affected Software 1
EUVD (added 2026/03/31 9:21 p.m.)

EUVD-2026-17672

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

CVSS 4.8 | AI score 5.7 | EPSS 0.00196 | Exploits 1 | References 2
OSV (added 2026/03/31 9:21 p.m.)

CVE-2026-34441 cpp-httplib: HTTP Request Smuggling via Unconsumed GET Request Body

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

CVSS 4.8 | AI score 5.7 | EPSS 0.00196 | Exploits 1 | References 4
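The cpp-httplib entries (CVE-2026-34441) describe a server that answers a GET without consuming the declared body on a keep-alive connection, so the body bytes are parsed as the next request; the undici entries (ALAS2023-2026-1525 and ALAS2023-2026-1526) describe requests that carry duplicate, case-variant Content-Length headers. Both come down to how a parser delimits one message from the next in a byte stream. The following added example is not cpp-httplib's or undici's code: the parser, the `consume_get_body` switch and the sample requests are constructed here. It walks a pipelined HTTP/1.1 stream with a minimal parser, showing the smuggled second request that appears when a GET body is left unread, the single request seen when it is consumed, and the rejection of conflicting Content-Length values that RFC 9112 section 6.3 requires.

```python
import re
from dataclasses import dataclass

# Added example, not cpp-httplib or undici code: a minimal HTTP/1.1 message
# delimiter for a keep-alive byte stream. Chunked transfer coding is out of
# scope and is rejected rather than half-implemented.


class MalformedRequest(Exception):
    """Raised for a request the server must refuse (RFC 9112 section 6.3)."""


@dataclass
class Request:
    method: str
    target: str
    headers: dict   # lower-cased field name -> list of values, in order seen
    body: bytes


def parse_head(buf):
    """Split the first request head off `buf`; None if no full head yet."""
    end = buf.find(b"\r\n\r\n")
    if end < 0:
        return None
    head, rest = buf[:end], buf[end + 4:]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        raise MalformedRequest("bad request line")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name or name != name.strip():
            raise MalformedRequest("bad header field")
        # Field names are case-insensitive, so Content-Length and
        # content-length must land in the same bucket.
        headers.setdefault(name.decode("ascii").lower(), []).append(
            value.strip().decode("ascii"))
    return parts[0].decode("ascii"), parts[1].decode("ascii"), headers, rest


def body_length(headers):
    """Declared body length, refusing the ambiguous cases."""
    if "transfer-encoding" in headers:
        raise MalformedRequest("transfer-encoding not supported by this example")
    values = headers.get("content-length", [])
    if not values:
        return 0
    # Repeated Content-Length fields are tolerable only when they all agree;
    # differing values (one of them spelled content-length) desynchronise
    # two parsers that pick different winners.
    if len(set(values)) != 1 or not re.fullmatch(r"[0-9]+", values[0]):
        raise MalformedRequest("invalid or conflicting Content-Length")
    return int(values[0])


def split_requests(stream, consume_get_body=True):
    """Parse every complete request in `stream`.

    consume_get_body=False reproduces the bug class from the advisory: a GET
    is answered without reading its declared body, so those bytes stay in the
    connection buffer and are parsed as the start of the next request.
    """
    requests, buf = [], stream
    while buf:
        parsed = parse_head(buf)
        if parsed is None:
            break                       # wait for more bytes
        method, target, headers, rest = parsed
        length = body_length(headers)
        if method == "GET" and not consume_get_body:
            body, buf = b"", rest       # bug: body left unread in the buffer
        else:
            if len(rest) < length:
                break                   # body not fully received yet
            body, buf = rest[:length], rest[length:]
        requests.append(Request(method, target, headers, body))
    return requests


def is_rejected(stream):
    """True if the parser refuses the stream as malformed."""
    try:
        split_requests(stream)
        return False
    except MalformedRequest:
        return True


# Constructed sample traffic. The first request's body is itself a complete
# request, which is what an attacker sends through a front end that forwards
# the body it has already read.
SMUGGLED = b"GET /admin/delete?id=7 HTTP/1.1\r\nHost: app\r\n\r\n"
SMUGGLE_STREAM = (
    b"GET /index.html HTTP/1.1\r\nHost: app\r\n"
    b"Content-Length: %d\r\n\r\n" % len(SMUGGLED)
) + SMUGGLED
DUP_CL_STREAM = (b"POST /upload HTTP/1.1\r\nHost: app\r\n"
                 b"Content-Length: 5\r\ncontent-length: 0\r\n\r\nhello")

if __name__ == "__main__":
    for r in split_requests(SMUGGLE_STREAM, consume_get_body=False):
        print("unread body   ->", r.method, r.target)
    for r in split_requests(SMUGGLE_STREAM, consume_get_body=True):
        print("body consumed ->", r.method, r.target, r.body[:24])
    print("conflicting Content-Length rejected:", is_rejected(DUP_CL_STREAM))
```

With the body left unread the parser reports two requests, the second of which the client never sent as a request of its own; with the body consumed there is one request whose body happens to look like HTTP. On a real deployment the second reading lands on whatever the next reuse of that back-end connection is, which is why a front end and back end that disagree on message length is the whole of the problem, and why a duplicate Content-Length, which invites exactly that disagreement, is rejected outright.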