44 matches found

Source: EUVD | added 2025/10/03 8:07 p.m. | 1 view
EUVD-2022-0345
Malicious code in bioql PyPI...
CVSS 8.1 | AI score 8.1 | EPSS 0.01107
Exploits 0 | References 19

Source: EUVD | added 2025/10/03 8:07 p.m. | 2 views
EUVD-2023-3201
Malicious code in bioql PyPI...
CVSS 6.5 | AI score 6.7 | EPSS 0.00128
Exploits 1 | References 6

Source: NVD | added 2024/06/04 9:15 p.m. | 15 views
CVE-2024-23326
Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230section-6.7 a server sends 101 when switching...
CVSS 8.2 | AI score 5.7 | EPSS 0.00082
Exploits 0 | References 1

Source: OSV | added 2024/02/08 9:15 a.m. | 27 views
CVE-2024-23452
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.51.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The httpparser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a...
CVSS 7.5 | AI score 7.4
Exploits 0 | References 4

Source: NVD | added 2024/02/08 9:15 a.m. | 11 views
CVE-2024-23452
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.51.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The httpparser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a...
CVSS 7.5 | AI score 7.5 | EPSS 0.0071
Exploits 0 | References 4

Source: Cvelist | added 2024/02/08 9:00 a.m. | 15 views
CVE-2024-23452: Apache bRPC: HTTP request smuggling vulnerability
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.51.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The httpparser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a...
AI score 7.7 | EPSS 0.0071
Exploits 0 | References 4

Source: Vulnrichment | added 2024/02/08 9:00 a.m. | 19 views
CVE-2024-23452: Apache bRPC: HTTP request smuggling vulnerability
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.51.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The httpparser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a...
AI score 7.5 | EPSS 0.0071
Exploits 0 | References 4

Source: AlpineLinux | added 2023/12/04 9:15 p.m. | 32 views
CVE-2023-47106
Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path...
AI score 6.9 | EPSS 0.00128
Exploits 1

Source: Prion | added 2023/12/04 9:15 p.m. | 15 views
Improper access control
Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path...
CVSS 6.4 | AI score 6.9 | EPSS 0.00128
Exploits 1 | References 4 | Affected Software 1

Source: OSV | added 2023/12/04 8:26 p.m. | 20 views
CVE-2023-47106: Incorrect processing of fragment in the URL leads to Authorization Bypass in Traefik
Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path...
CVSS 4.8 | AI score 6.6 | EPSS 0.00128
Exploits 1 | References 6

Source: OSV | added 2023/04/21 8:27 p.m. | 36 views
GHSA-WJFC-PGFP-PV9C: Improper Input Validation in nyholm/psr7
Impact: Improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. Patches: The issue is patched in 1.6.1. Workarounds: Ther...
CVSS 5.3 | AI score 5.8 | EPSS 0.04782
Exploits 0 | References 6

Source: Github Security Blog | added 2023/04/21 8:27 p.m. | 24 views
Improper Input Validation in nyholm/psr7
Impact: Improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. Patches: The issue is patched in 1.6.1. Workarounds: Ther...
CVSS 7.5 | AI score 6.4 | EPSS 0.04782
Exploits 0 | References 6 | Affected Software 1

Source: OSV | added 2023/04/18 10:20 p.m. | 36 views
GHSA-Q2QJ-628G-VHFW: Insecure header validation in slim/psr7
Impact: An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An attacker that is able to control the header names that are passed to Slilm-Ps...
CVSS 6.5 | AI score 6.1 | EPSS 0.00165
Exploits 0 | References 9

Source: Friends Of PHP | added 2023/04/17 4:00 p.m. | 28 views
Improper header validation
Impact: Improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. Patches: The issue is patched in 1.9.1 and 2.4.5...
CVSS 7.5 | AI score 5.8 | EPSS 0.04782
Exploits 0 | Affected Software 1

Source: Friends Of PHP | added 2023/04/17 4:00 p.m. | 19 views
Improper Input Validation in headers
Impact: Improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. Patches: The issue is patched in 1.6.1. Workarounds: Ther...
AI score 6.1
Exploits 0 | Affected Software 1

Source: F5 Networks | added 2023/02/21 8:01 p.m. | 67 views
K15311661: NodeJS vulnerability CVE-2016-2086
Security Advisory Description: Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. CVE-2016-2086 Impact: An attacker may be able to perform HTTP reques...
CVSS 7.5 | AI score 8.7 | EPSS 0.00482
Exploits 0 | Affected Software 23

Source: F5 Networks | added 2022/12/15 9:58 p.m. | 71 views
K00373024: Apache vulnerability CVE-2016-8743
Security Advisory Description: Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of...
CVSS 7.5 | AI score 6.6 | EPSS 0.0978
Exploits 0 | Affected Software 23

Source: Github Security Blog | added 2022/10/07 7:31 a.m. | 14 views
Twisted vulnerable to HTTP Request Smuggling Attacks
Impact: Twisted Web is vulnerable to request smuggling attacks: 1. "When presented with two content-length headers, Twisted Web ignored the first header. When the second content-length was set to zero this caused Twisted Web to interpret the request body as a pipelined request. According to RFC 72...
AI score 7
Exploits 0 | References 4 | Affected Software 1

Source: OSV | added 2022/10/07 7:31 a.m. | 14 views
GHSA-8R99-H8J2-RW64: Twisted vulnerable to HTTP Request Smuggling Attacks
Impact: Twisted Web is vulnerable to request smuggling attacks: 1. "When presented with two content-length headers, Twisted Web ignored the first header. When the second content-length was set to zero this caused Twisted Web to interpret the request body as a pipelined request. According to RFC 72...
AI score 7
Exploits 0 | References 4

Source: Tenable Nessus | added 2022/10/03 12:00 a.m. | 73 views
Ubuntu 22.04 LTS : Twisted vulnerability (USN-5576-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5576-1 advisory. It was discovered that Twisted incorrectly parsed some types of HTTP requests in its web server implementation. In certain proxy or multi-server configurations, a...
CVSS 8.1 | AI score 7.7 | EPSS 0.01107
Exploits 0 | References 2