Lucene search
+L

137 matches found

Cvelist
Cvelist
added 2026/07/06 8:11 a.m.34 views

CVE-2026-49365 Apache Camel: Camel-Netty-HTTP: The muteException consumer option defaulted to false, so a processing error returned the full Java stack trace in the HTTP response body, disclosing sensitive internal information to unauthenticated clients

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to fal...

0.00363EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 10:34 p.m.5 views

GO-2026-5454 Mattermost doesn't validate the response body of proxied images in github.com/mattermost/mattermost-server

Mattermost doesn't validate the response body of proxied images in github.com/mattermost/mattermost-server...

6.5CVSS5.8AI score0.00242EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/23 4:50 p.m.5 views

CVE-2026-54008

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/openwebui/utils/oauth.py::processpictureurl calls validateurlpictureurl on the initial URL only, then invokes aiohttp.ClientSession.getpictureurl, ... without...

8.5CVSS5.9AI score0.00203EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/12 9:2 p.m.31 views

CVE-2026-46717 Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user roles: RoleAdmin Role==0 and RoleMember Role==1. The notification routes POST /api/v1/notification and PATCH...

7.7CVSS0.0027EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 9:2 p.m.14 views

CVE-2026-46717 Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user roles: RoleAdmin Role==0 and RoleMember Role==1. The notification routes POST /api/v1/notification and PATCH...

7.7CVSS5.2AI score0.0027EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/27 12:47 a.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the POST /api/notifications/test-webhook endpoint, which is accessible without authentication in the default deployment. An attacker can cause the application to send HTTP POST requests to arbitrary...

8.7CVSS5.7AI score0.01491EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/26 10:1 p.m.9 views

CVE-2026-45298 Dozzle: Pre-auth SSRF with response-body reflection via POST /api/notifications/test-webhook (default no-auth deploy)

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy the documented quickstart, no DOZZLEAUTHPROVIDER set, POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that...

8.6CVSS5.9AI score0.01491EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/23 12:8 a.m.21 views

Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification

Summary nezha's dashboard supports two user roles: RoleAdmin Role==0 and RoleMember Role==1. The notification routes POST /api/v1/notification and PATCH /api/v1/notification/:id are wired through commonHandler rather than adminHandler — so a RoleMember user can call them. These handlers...

7.7CVSS5.8AI score0.0027EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/23 12:8 a.m.9 views

GHSA-W4G9-MXGG-J532 Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification

Summary nezha's dashboard supports two user roles: RoleAdmin Role==0 and RoleMember Role==1. The notification routes POST /api/v1/notification and PATCH /api/v1/notification/:id are wired through commonHandler rather than adminHandler — so a RoleMember user can call them. These handlers...

8.5CVSS5.8AI score0.0027EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.17 views

PT-2026-42858

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.4.0 through 2.0.7 Description The dashboard allows users with the RoleMember role to access notification routes that should be restricted to administrators. Specifically, the endpoints "POST /api/v1/notification" an...

8.5CVSS5.2AI score0.0027EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Firefox and Thunderbird

It was possible for a web extension with minimal permissions to create a StreamFilter, which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox 129, Firefox ESR 115.14, Firefox ESR 128.1, Thunderbird 128.1, and Thunderbird 115.14...

9.1CVSS6.8AI score0.00598EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/14 4:48 p.m.7 views

CVE-2026-44516 Valtimo: Sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer

Valtimo is an open-source business process automation platform. From 12.4.0 to 12.33.0 and 13.26.0, the LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers...

7.6CVSS5.8AI score0.002EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 4:48 p.m.10 views

EUVD-2026-30335

Valtimo is an open-source business process automation platform. From 12.4.0 to 12.33.0 and 13.26.0, the LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers...

7.6CVSS5.8AI score0.002EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 3:56 p.m.40 views

GHSA-H64F-5H5J-JQJH Next.js has a Denial of Service in the Image Optimization API

Impact When self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could cause out-of-memory conditions by requesting large local assets from the /next/image endpoint that match t...

5.9CVSS5.8AI score0.00722EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/11 3:56 p.m.100 views

Next.js has a Denial of Service in the Image Optimization API

Impact When self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could cause out-of-memory conditions by requesting large local assets from the /next/image endpoint that match t...

7.5CVSS5.8AI score0.00722EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/05/06 9:0 p.m.27 views

CVE-2026-41484

The CVE concerns OpenTelemetry.Exporter.OneCollector for .NET. In versions ≤1.15.0, HttpJsonPostTransport reads the full response body on non-200 HTTP responses, enabling a potential denial-of-service via unbounded memory allocation if the back-end endpoint or an interceptor returns an arbitraril...

5.9CVSS5.8AI score0.00338EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/06 8:58 p.m.20 views

CVE-2026-41483

OpenTelemetry.Resources.Azure (Azure VM resource detector) suffers from unbounded HTTP response body reads in AzureVmMetaDataRequestor when contacting the Azure VM metadata endpoint, causing unbounded memory usage and potential DoS. The issue affects versions 1.15.0-beta.1 and earlier; it is fixe...

5.9CVSS5.8AI score0.00323EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 8:17 p.m.11 views

OneCollector exporter reads unbounded HTTP response bodies

Summary When exporting telemetry to a back-end/collector over HTTP using the OpenTelemetry.Exporter.OneCollector exporter, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory with no upper-bound on the number of bytes consumed. This could cause...

5.9CVSS5.5AI score0.00338EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/29 8:17 p.m.27 views

GHSA-55M9-299J-53C7 OneCollector exporter reads unbounded HTTP response bodies

Summary When exporting telemetry to a back-end/collector over HTTP using the OpenTelemetry.Exporter.OneCollector exporter, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory with no upper-bound on the number of bytes consumed. This could cause...

5.3CVSS5.9AI score0.00338EPSS
Exploits0References5
OSV
OSV
added 2026/04/23 9:26 p.m.18 views

GHSA-Q834-8QMM-V933 OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

Summary When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory with no upper-bound on the number of bytes consumed. This could cause memory...

5.3CVSS5.8AI score0.00304EPSS
Exploits0References6
Rows per page
Query Builder