
9 matches found

CNNVD
added 2026/02/26 12:0 a.m. | 6 views

Sub2API Security Vulnerability

Sub2API is an API gateway platform developed by Wesley Liddick. Versions of Sub2API prior to 0.1.85 contained security vulnerabilities; these vulnerabilities were caused by password reset attacks, which could lead to account takeover...

CVSS 9.3 | AI score 5.8 | EPSS 0.00245
Exploits 0 | References 1
OSV
added 2025/10/17 1:40 a.m. | 4 views

MGASA-2025-0239 Updated varnish & lighttpd packages fix security vulnerability

It was discovered that a denial of service attack can be performed on cache servers that have the HTTP/2 protocol turned on. An attacker can create a large number of streams and immediately reset them without ever reaching the maximum number of concurrent streams allowed for the session, causing...

CVSS 7.5 | AI score 6.9 | EPSS 0.06887
Exploits 3 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2005-0066

Malware in sbrugna...

CVSS 10 | AI score 6 | EPSS 0.01937
Exploits 0 | References 4
IBM Security Bulletins
added 2023/12/13 5:48 p.m. | 59 views

Security Bulletin: IBM Security Verify Access is vulnerable to Rapid Reset attacks if HTTP2 is enabled (CVE-2023-44487)

Summary The Webseal component of IBM Security Verify Access product is vulnerable to CVE-2023-44487, a flaw in handling multiplexed streams in the HTTP/2 protocol. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in...

CVSS 7.5 | AI score 7.8 | EPSS 0.99999
Exploits 19 | Affected Software 1
OSV
added 2018/02/12 3:29 a.m. | 15 views

CVE-2018-6889

An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability. Using this attack, a malicious user can poison the web cache or perform advanced password reset attacks or even trigger arbitrary user re-direction...

CVSS 8.8 | AI score 7.7 | EPSS 0.07067
Exploits 3 | References 2
Cvelist
added 2005/01/19 5:0 a.m. | 43 views

CVE-2005-0065

The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged aka "TCP sequence number checking", which makes it easier for attackers to forge ICMP error messages for specifi...

AI score 6.3 | EPSS 0.01937
Exploits 0 | References 2
NVD
added 2004/12/22 5:0 a.m. | 27 views

CVE-2005-0067

The original design of TCP does not require that port numbers be assigned randomly aka "Port randomization", which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using 1 blind connection-reset attacks with...

CVSS 5 | AI score 6.4 | EPSS 0.13455
Exploits 0 | References 2
NVD
added 2004/12/22 5:0 a.m. | 28 views

CVE-2005-0068

The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using 1 blind connection-reset attacks with forged...

CVSS 5 | AI score 6.6 | EPSS 0.54387
Exploits 0 | References 2
NVD
added 2004/12/22 5:0 a.m. | 21 views

CVE-2005-0066

The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged aka "TCP acknowledgement number checking", which makes it easier for...

CVSS 5 | AI score 6.4 | EPSS 0.10742
Exploits 0 | References 2