Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/06 12:36 p.m.12 views

CVE-2026-40562

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

7.5CVSS5.8AI score0.00319EPSS
Exploits0References3
OSV
OSV
added 2026/03/13 7:55 p.m.2 views

DEBIAN-CVE-2026-32597

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting...

7.5CVSS7.2AI score0.00269EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/18 1:41 a.m.8 views

CVE-2026-2439

Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generatesessionid function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are...

9.8CVSS5.6AI score0.00403EPSS
Exploits0References1
OSV
OSV
added 2024/08/09 5:17 p.m.6 views

CLSA-2024-1723223824 Fix CVE(s): CVE-2024-38428

SECURITY UPDATE: Insecure behavior with semicolons in URI userinfo - debian/patches/CVE-2024-38428.patch: Properly re-implement userinfo parsing rfc2396 to fix outdated RFC implementation - CVE-2024-38428...

9.1CVSS7.3AI score0.00672EPSS
Exploits0References1
Rows per page
Query Builder