Lucene search
K

4046 matches found

RedHat Linux
RedHat Linux
added 2026/07/01 9:31 a.m.13 views

httpd: incomplete fix for CVE-2023-38709

A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers. These issues lead to HTTP response splitting. This CVE provides a "complete" fix for CVE-2023-38709...

7.5CVSS6.7AI score0.03914EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 10:36 p.m.4 views

SUSE-SU-2026:2686-1 Security update for apache2

This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163. -...

9.8CVSS7.3AI score0.99957EPSS
Exploits47References95
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-556 Header injection in TurboGears

A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely...

9.8CVSS6.2AI score0.00854EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/26 9:58 p.m.17 views

EUVD-2026-31687

Hackney has CR/LF injection in query parameter...

7.5CVSS5.8AI score0.00421EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/26 9:54 p.m.14 views

EUVD-2026-31683

Hackney has CRLF / header injection via unvalidated domain and path options...

5.3CVSS5.8AI score0.00374EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/26 8:4 a.m.6 views

CVE-2026-53189

A flaw was found in the Linux kernel's memory management, specifically within the huge page mechanism. When a huge page is split, the system updates a counter after releasing a reference to the memory. This timing issue can lead to the system attempting to read from memory that has already been...

7.8CVSS5.7AI score0.00138EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in libsoup3

A flaw was discovered in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary...

5.8CVSS6.3AI score0.00298EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ext4: Do not zero the entire extent if EXT4EXTDATAPARTIALVALID1 is true. When allocating initialized blocks from a large unwritten extent, or when splitting an unwritten extent during end I/O and converting it to initialized, the...

5.5CVSS5.8AI score0.00155EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ext4: Do not cache extents during splitting Caching extents during the splitting process is risky, as it may result in stale extents remaining in the status tree. Moreover, in most cases, the corresponding extent block entries ar...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ext4: Drop the extent cache when splitting an extent fails When splitting an extent fails, it is possible that some extents are still being processed, and an error is returned directly. This will result in stale extent entries...

5.5CVSS5.7AI score0.0016EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 8:16 p.m.12 views

CVE-2026-54555

rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treats as command execution boundaries or nested execution. As a result, a command beginning with an...

7.8CVSS0.00128EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51516

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.12 Description The software fails to validate cookie names within the setCookie, serialize, and serializeSigned functions. When an application uses a user-controlled cookie name, invalid characters such as control...

6.9CVSS5.8AI score0.00247EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.20 views

PT-2026-51583

Name of the Vulnerable Software and Affected Versions rtk versions prior to 0.42.2 Description A flaw in the permission splitter logic fails to conservatively split or reject certain Bash shell constructs that create command-execution boundaries or nested execution. This improper input validation...

7.8CVSS6.2AI score0.00128EPSS
Exploits0References6
OSV
OSV
added 2026/06/22 12:8 p.m.2 views

SUSE-SU-2026:2487-1 Security update for rmt-server

This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471. -...

7.5CVSS5.9AI score0.0043EPSS
Exploits0References22
RedHat Linux
RedHat Linux
added 2026/06/22 6:28 a.m.6 views

kernel: mm/page_alloc: clear page->private in free_pages_prepare()

A flaw was found in the Linux kernel's memory management subsystem. When pages are freed, the page-private field is not properly cleared. If these pages are later reallocated as high-order pages and split, the tail pages can retain stale page-private values. This can lead to a use-after-free...

7.8CVSS5.8AI score0.0013EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.13 views

RHEL 9 : kernel (RHSA-2026:27789)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27789 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix tx.buf...

9.8CVSS7AI score0.004EPSS
Exploits11References36
OSV
OSV
added 2026/06/20 6:57 a.m.6 views

SUSE-SU-2026:22199-1 Security update for apache2

This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163. -...

9.8CVSS6.2AI score0.4581EPSS
Exploits18References23
OSV
OSV
added 2026/06/20 6:57 a.m.2 views

SUSE-SU-2026:22209-1 Security update for apache2

This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163. -...

9.8CVSS7.2AI score0.4581EPSS
Exploits18References23
OSV
OSV
added 2026/06/20 6:56 a.m.2 views

OPENSUSE-SU-2026:21115-1 Security update for apache2

This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163. -...

9.8CVSS7.3AI score0.4581EPSS
Exploits18References22
Snyk
Snyk
added 2026/06/18 3:4 p.m.3 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the headers option in the Remote process. An attacker can inject or override HTTP headers in outgoing requests by including newline characters in user-controlled input that is forwarded to the header value...

6.9CVSS5.9AI score0.0029EPSS
Exploits0References3
Rows per page
Query Builder