Lucene search
K

12638 matches found

Cvelist
Cvelist
added 2025/08/26 10:18 p.m.7 views

CVE-2025-35115 Agiloft insecure download of system packages

Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30...

9.2CVSS0.00219EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-2048

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning ...

7.5CVSS7AI score0.01818EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.2 views

Cisco Secure Firewall Threat Defense Remote Access VPN Web Server DoS (cisco-sa-asaftd-vpnwebs-dos-hjBhmBsX)

According to its self-reported version, Cisco Firepower Threat Defense Software is affected by a vulnerability. - A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could all...

7.7CVSS6AI score0.00467EPSS
Exploits0References4
OSV
OSV
added 2025/08/25 9:15 p.m.4 views

UBUNTU-CVE-2025-57804

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without...

6.9CVSS5.8AI score0.0161EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/25 9:4 p.m.1 views

CVE-2025-57804 h2 allows HTTP Request Smuggling due to illegal characters in headers

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without...

6.9CVSS7.1AI score0.0161EPSS
Exploits0References2
OSV
OSV
added 2025/08/25 9:4 p.m.2 views

CVE-2025-57804 h2 allows HTTP Request Smuggling due to illegal characters in headers

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without...

6.9CVSS6.5AI score0.0161EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/08/25 8:44 p.m.7 views

h2 allows HTTP Request Smuggling due to illegal characters in headers

Summary HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request...

6.9CVSS6.5AI score0.0161EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/08/25 8:44 p.m.1 views

GHSA-847F-9342-265H h2 allows HTTP Request Smuggling due to illegal characters in headers

Summary HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request...

6.9CVSS6.4AI score0.0161EPSS
Exploits0References5
CVE
CVE
added 2025/08/25 8:52 a.m.26 views

CVE-2025-7426

The CVE-2025-7426 entry relates to MINOVA TTA, where the FTP credentials are exposed through the debug port 1604 on the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account and could enable data manipulation or extraction in automated processes (EDI/data integrat...

9.3CVSS7.2AI score0.00343EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/25 12:0 a.m.5 views

MINOVA TTA 安全漏洞

MINOVA TTA is an automated oil loading and unloading system from MINOVA, Germany. A security vulnerability exists in MINOVA TTA that originates from the exposure of FTP credentials on debug port 1604, which could lead to unauthenticated remote access and data disclosure...

9.3CVSS6.8AI score0.00343EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/25 12:0 a.m.8 views

CVE-2025-55575

SQL Injection vulnerability in SMM Panel 3.1 allowing remote attackers to gain sensitive information via a crafted HTTP request with action=servicedetail...

0.00416EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/08/25 12:0 a.m.4 views

PT-2025-34601 · Unknown · Minova Tta

Name of the Vulnerable Software and Affected Versions: MINOVA TTA version 11.17.0 Description: The MINOVA TTA service exposes authentication FTP credentials through debug port 1604, allowing unauthenticated remote access to active FTP accounts containing sensitive internal data and import...

9.3CVSS6.7AI score0.00343EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2017-15091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations...

7.1CVSS7AI score0.01265EPSS
Exploits0References2
Redos
Redos
added 2025/08/25 12:0 a.m.4 views

ROS-20250825-04

A vulnerability in ASGI Starlette toolkit for creating asynchronous Python web services is related to blocking the main thread for transferring a file to disk. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

5.3CVSS7.1AI score0.00526EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2010-4756

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The glob implementation in the GNU C Library aka glibc or libc6 allows remote authenticated users to cause a denial of service CPU and memory consumption via...

4CVSS7.6AI score0.02633EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/08/23 8:13 p.m.6 views

CVE-2010-20034

Gekko Manager FTP Client = 0.77 contains a stack-based buffer overflow in its FTP directory listing parser. When processing a server response to a LIST command, the client fails to properly validate the length of filenames. A crafted response containing an overly long filename can overwrite the...

8.5CVSS8.2AI score0.00476EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/08/23 7:14 p.m.245 views

Exploit for CVE-2025-8671

CVE-2025-8671 - PoC DoS lighttpd HTTP/2 Auteur : @abiyeenzo...

7.5CVSS7.2AI score0.04604EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/08/22 4:35 p.m.5 views

CVE-2010-20049

LeapFTP 3.1.x contains a stack-based buffer overflow vulnerability in its FTP client parser. When the client receives a directory listing containing a filename longer than 528 bytes, the application fails to properly bound-check the input and overwrites the Structured Exception Handler SEH chain...

9.3CVSS8.4AI score0.00743EPSS
Exploits0References1
Fedora
Fedora
added 2025/08/22 2:12 a.m.6 views

[SECURITY] Fedora 41 Update: socat-1.8.0.3-1.fc41

Socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device serial line etc. or a pseudo terminal, a socket UNIX, IP4, IP6 - raw, UDP, TCP, an SSL socket, proxy CONNECT connection, a file descriptor stdin etc., th...

9.8CVSS7AI score0.00794EPSS
Exploits0
Redos
Redos
added 2025/08/22 12:0 a.m.5 views

ROS-20250822-12

Vulnerability of http2 package of Go programming language is related to uncontrolled server resources consumption as a result of resetting Server.MaxConcurrentStreams parameter during request stream processing. as a result of resetting the Server.MaxConcurrentStreams parameter when processing a...

7.5CVSS6.8AI score0.03796EPSS
Exploits0
Rows per page
Query Builder