Lucene search
+L

3067 matches found

euvd
euvd
added 5 hours ago4 views

EUVD-2026-44921

HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability. A remote attacker can intercept and alter the contents of the server's HTTP responses before they reach the client application, allowing them to manipulate the authentication or authorization logic to...

5.5CVSS6.1AI score
Exploits0References1
redhatcve
redhatcve
added 2 days ago6 views

CVE-2026-50651

.NET Denial of Service Vulnerability - HTTP/2 SETTINGS/PING ACK flood causing OOM...

7.5CVSS6.1AI score0.00617EPSS
Exploits0References3
nvd
nvd
added 2 days ago3 views

CVE-2026-15429

A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data. An authenticated user with sufficient privileges may be abl...

5.1CVSS0.00394EPSS
Exploits0References2
cvelist
cvelist
added 2 days ago21 views

CVE-2026-49788 HTTP/2 Denial of Service Vulnerability

...

7.5CVSS0.00797EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago25 views

CVE-2026-12523 Resource exhaustion in quiche HTTP/3 and QPACK layers

Summary Cloudflare quiche's HTTP/3 layer was discovered to be vulnerable to resource exhaustion i.e., memory by means of specially crafted HTTP/3 frames. Impact HTTP/3 defines multiple frame types to support HTTP message exchanges and connection management. Each frame has a length and a payload...

7.5CVSS0.00292EPSS
Exploits0References1
osv
osv
added 2 days ago3 views

CVE-2026-6790

In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority host and port matches what provided in the Host header if present. This was not enforced in earlier HTTP RFC for example, in RFC 2616, but it is in the latest RFC 9110 and 9112. This...

5.3CVSS6.1AI score0.00196EPSS
Exploits0References4
nvd
nvd
added 2 days ago6 views

CVE-2026-27690

Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could result in the exposure of user responses and cause the system to become unavailable. This leads to ...

9.1CVSS0.00539EPSS
Exploits0References2
nvd
nvd
added 3 days ago6 views

CVE-2026-62186

OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to bypass admin authorization...

7.6CVSS0.00192EPSS
Exploits0References2
redhat
redhat
added 3 days ago5 views

firefox: thunderbird: Use-after-free in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Networking: HTTP component...

8.8CVSS6AI score0.00382EPSS
Exploits0References6
redhat
redhat
added 3 days ago4 views

firefox: thunderbird: Use-after-free in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Networking: HTTP component...

8.8CVSS6AI score0.00382EPSS
Exploits0References6
nessus
nessus
added 3 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-15146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that...

5.9CVSS6.2AI score0.00121EPSS
Exploits0References3
osv
osv
added 6 days ago2 views

DEBIAN-CVE-2026-55213

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling...

7.5CVSS6.2AI score0.00343EPSS
Exploits0References1
nvd
nvd
added 6 days ago10 views

CVE-2026-55213

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling...

7.5CVSS0.00343EPSS
Exploits0References2
nvd
nvd
added 6 days ago8 views

CVE-2026-15146

GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...

5.9CVSS0.00121EPSS
Exploits0References3
osv
osv
added 6 days ago3 views

UBUNTU-CVE-2026-15146

GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...

5.9CVSS6.2AI score0.00121EPSS
Exploits0References5
metasploit
metasploit
added 6 days ago32 views

FTP Fetch, Bind TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an FTP server. Listen for a connection No NX Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include Msf::Payload::Adapter::Fetch::FTP inclu...

6.2AI score
Exploits0
metasploit
metasploit
added 6 days ago21 views

FTP Fetch, Find Tag Ordinal Stager

Fetch and execute an x86 payload from an FTP server. Use an established connection Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include Msf::Payload::Adapter::Fetch::FTP inclu...

6.2AI score
Exploits0
metasploit
metasploit
added 6 days ago24 views

FTP Fetch, Reverse Ordinal TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an FTP server. Connect back to the attacker Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include Msf::Payload::Adapter::Fetch::FTP includ...

6.2AI score
Exploits0
metasploit
metasploit
added 6 days ago23 views

FTP Fetch, Find Tag Ordinal Stager

Fetch and execute an x86 payload from an FTP server. Use an established connection Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include Msf::Payload::Adapter::Fetch::FTP inclu...

6.2AI score
Exploits0
metasploit
metasploit
added 6 days ago21 views

FTP Fetch, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x86 payload from an FTP server. Listen for a connection Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include Msf::Payload::Adapter::Fetch::FTP include...

6.2AI score
Exploits0
Rows per page
Query Builder