Lucene search
K

24 matches found

CVE
CVE
added 2026/05/26 9:54 p.m.213 views

CVE-2026-48710

Starlette (Python ASGI framework) contains a Host header validation issue in versions before 1.0.1. The HTTP Host header was not validated when reconstructing request.url, while routing relies on the raw path and request.url, allowing a malformed Host header to make request.url.path differ from t...

6.5CVSS5.8AI score0.01438EPSS
Exploits2References20Affected Software1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

Starlette 环境问题漏洞

Starlette is a lightweight ASGI framework/toolkit developed by Encode. It’s ideal for building asynchronous web services using Python. Versions of Starlette prior to 1.0.1 contained an environmental issue vulnerability. This vulnerability stemmed from the lack of validation of the HTTP Host reque...

6.5CVSS5.8AI score0.01438EPSS
Exploits2References7
CVE
CVE
added 2026/05/13 1:36 p.m.24 views

CVE-2026-8369

CVE-2026-8369 describes an issue in the NAT64 translator of The OpenThread Authors’ OpenThread (affected: OpenThread before commit 26a882d, on all platforms) caused by improper input validation. The vulnerability enables an attacker on an adjacent IPv4 network to inject corrupted IPv6 packets int...

6CVSS5.8AI score0.00162EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/06 5:58 p.m.14 views

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS7.2AI score0.0064EPSS
Exploits1References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 12:41 p.m.5 views

Security Bulletin:Jetty URI Parser Differences and Potential Security Implications

Summary The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs...

6.5CVSS7.2AI score0.00159EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.8 views

PT-2026-25778

Name of the Vulnerable Software and Affected Versions pyOpenSSL versions 0.14.0 through 25.9.9 Description pyOpenSSL is a Python wrapper around the OpenSSL library. If a user-provided callback to the set tlsext servername callback function raised an unhandled exception, a connection would be...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References211
RedhatCVE
RedhatCVE
added 2026/02/20 11:27 a.m.4 views

CVE-2026-26958

A flaw was found in filippo.io/edwards25519, a Go library used for cryptographic operations. This vulnerability occurs in the MultiScalarMult function when it processes points that are not properly initialized or are not the identity point. Such conditions can lead to incorrect cryptographic...

6.3CVSS5.5AI score0.00366EPSS
Exploits0References6
Ubuntu
Ubuntu
added 2026/02/11 2:25 p.m.9 views

USN-8025-1: .NET vulnerability

Kevin Jones discovered that the System.Security.Cryptography.Cose component in .NET did not properly handle certain missing special elements in input data. An attacker could possibly use this issue to bypass security checks and gain unauthorized access or perform data manipulation...

7.5CVSS5.6AI score0.01015EPSS
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-1303

Malicious code in bioql PyPI...

9.8CVSS8.5AI score0.01122EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-6969

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00738EPSS
Exploits0References6
OSV
OSV
added 2025/09/24 8:48 a.m.3 views

BIT-GOLANG-2025-47910 CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...

5.4CVSS6.9AI score0.00308EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/09/09 4:36 p.m.1 views

CVE-2025-54248 Adobe Experience Manager | Improper Input Validation (CWE-20)

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Scope is...

7.7CVSS6.1AI score0.05247EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2023-20860

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismat...

7.5CVSS6.8AI score0.03514EPSS
Exploits1References3
OSV
OSV
added 2024/10/01 9:15 p.m.7 views

AZL-50268 CVE-2024-9407 affecting package podman 4.1.1-26

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories...

4.7CVSS7.2AI score0.00288EPSS
Exploits0References1
NCSC
NCSC
added 2024/03/26 12:0 a.m.8 views

Vulnerabilities fixed in MISP

The developers of MISP have fixed vulnerabilities in MISP. The vulnerabilities allow a malicious person to to bypass security measures. The MISP community has released updates to fix the vulnerabilities fixes in MISP. For more information, see: https://github.com/MISP/MISP/commit...

9.8CVSS7AI score0.00816EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/01/15 12:0 a.m.5 views

The vulnerability of the Microsoft.Data.Sqlclient (MDS) and System.Data.Sqlclient (SDS) libraries in Microsoft.NET Framework and.NET programming platforms is related to security configuration errors. This vulnerability allows attackers to bypass security restrictions and execute a type of “man-in-the-middle” attack.

The vulnerability of the Microsoft.Data.Sqlclient MDS and System.Data.Sqlclient SDS libraries in Microsoft.NET Framework and.NET programming platforms is related to security configuration errors. Exploiting this vulnerability can allow an attacker to bypass security restrictions and execute a...

8.7CVSS7AI score0.0118EPSS
Exploits0References3Affected Software4
RedHat Linux
RedHat Linux
added 2023/11/08 10:27 a.m.32 views

squid: Request/Response smuggling in HTTP/1.1 and ICAP

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...

9.3CVSS5.9AI score0.05255EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/07/11 12:0 a.m.4 views

PT-2023-3815 · Microsoft · Windows Remote Desktop Client +1

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Remote Desktop Client affected versions not specified Description: The issue is related to errors in security settings, allowing a remote attacker to bypass existing security restrictions. This can potentially affect the...

7.1CVSS9.3AI score0.00454EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/11/04 12:0 a.m.7 views

PT-2022-24914 · Microsoft · Azure Rtos Usbx

Name of the Vulnerable Software and Affected Versions: Azure RTOS USBX versions prior to 6.1.12 Description: The USB DFU UPLOAD functionality in Azure RTOS USBX may be utilized to introduce a buffer overflow, resulting in the overwrite of memory contents. In particular cases, this may allow an...

9.8CVSS9.9AI score0.01936EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2020/12/25 12:0 a.m.4 views

The vulnerability of Microsoft Excel spreadsheet editors and the Microsoft 365 Apps for Enterprise suite, related to access control deficiencies, allows attackers to bypass existing security measures.

The vulnerability of Microsoft Excel spreadsheet editors and the Microsoft 365 Apps for Enterprise suite is related to deficiencies in access control. Exploiting this vulnerability could allow a perpetrator to bypass existing security measures...

6.8CVSS6.5AI score0.02247EPSS
Exploits0References2
Rows per page
Query Builder