Lucene search
K

121669 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/27 9:22 p.m.3 views

CVE-2026-33953

LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user t...

8.5CVSS5.9AI score0.00274EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/27 9:8 p.m.103 views

CVE-2026-33939

Summary: CVE-2026-33939 affects Handlebars 4.0.0–4.7.8, where a template using decorator syntax referencing an unregistered decorator (e.g. {{*n}}) causes the runtime to call an undefined value as a function, leading to an unhandled TypeError and a potential single-request DoS. The issue is fixed...

7.5CVSS5.9AI score0.00602EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/03/27 8:16 p.m.2 views

DEBIAN-CVE-2026-33870

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

7.5CVSS8.2AI score0.0064EPSS
Exploits1References1
NVD
NVD
added 2026/03/27 8:16 p.m.4 views

CVE-2026-33870

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

7.5CVSS0.0064EPSS
Exploits1References22
NVD
NVD
added 2026/03/27 8:16 p.m.5 views

CVE-2026-31943

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...

8.5CVSS0.00213EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/03/27 8:16 p.m.1 views

CVE-2026-33870

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

7.5CVSS5.8AI score0.0064EPSS
Exploits1References5
OSV
OSV
added 2026/03/27 8:16 p.m.8 views

UBUNTU-CVE-2026-34475

Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass...

9.8CVSS5.8AI score0.00202EPSS
Exploits1References3
OSV
OSV
added 2026/03/27 8:16 p.m.4 views

UBUNTU-CVE-2026-33870

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

7.5CVSS5.8AI score0.0064EPSS
Exploits1References6
OSV
OSV
added 2026/03/27 7:58 p.m.4 views

GHSA-GJXX-92W9-8V8F Clerk: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host

Summary The clerkFrontendApiProxy function in @clerk/backend is vulnerable to Server-Side Request Forgery SSRF. An unauthenticated attacker can craft a request path that causes the proxy to send the application's Clerk-Secret-Key to an attacker-controlled server. Affected packages Only applicatio...

7.4CVSS6AI score0.00309EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/27 7:54 p.m.6 views

CVE-2026-33870

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

7.5CVSS5.9AI score0.0064EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/27 7:54 p.m.11 views

CVE-2026-33870 Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

7.5CVSS5.9AI score0.0064EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/03/27 7:54 p.m.3 views

CVE-2026-33870 Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

7.5CVSS5.8AI score0.0064EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/27 7:54 p.m.23 views

CVE-2026-33870 Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

7.5CVSS0.0064EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2026/03/27 7:54 p.m.8 views

CVE-2026-33870

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

7.5CVSS8.2AI score0.0064EPSS
Exploits1
CVE
CVE
added 2026/03/27 7:54 p.m.535 views

CVE-2026-33870

Netty HTTP request smuggling vulnerability (CVE-2026-33870) arises from how Netty versions prior to 4.1.132.Final and 4.2.10.Final parse quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. The IBM and OSS/Ecosystem advisories in the connected...

7.5CVSS5.8AI score0.0064EPSS
Exploits1References22Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/27 7:52 p.m.2 views

CVE-2026-4974

A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack...

9CVSS6.5AI score0.00632EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 7:52 p.m.1 views

CVE-2026-4974 Tenda AC7 POST Request SetSysTimeCfg fromSetSysTime memory corruption

A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack...

9CVSS7.8AI score0.00632EPSS
Exploits1References5
CVE
CVE
added 2026/03/27 7:52 p.m.9 views

CVE-2026-4974

CVE-2026-4974 affects Tenda AC7 firmware version 15.03.06.44. The vulnerability is in the function fromSetSysTime of /goform/SetSysTimeCfg in the POST Request Handler, where manipulating the Time argument can cause a stack-based buffer overflow. This enables remote code execution over the network...

9CVSS7.8AI score0.00632EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/27 7:23 p.m.3 views

CVE-2026-31945

LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery SSRF attack when using agent actions or MCP. Although a previous SSRF vulnerability...

7.7CVSS5.9AI score0.00249EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/27 7:23 p.m.21 views

CVE-2026-31945 LibreChat Server-Side Request Forgery using DNS resolution

LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery SSRF attack when using agent actions or MCP. Although a previous SSRF vulnerability...

7.7CVSS0.00249EPSS
Exploits1References1
Rows per page
Query Builder