Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2026/06/19 1:53 p.m.9 views

Tilt: Cross-site WebSocket hijacking of the Tilt HUD stream

Summary The Tilt HUD WebSocket /ws/view is gated by a CSRF token, but the token is served by an unauthenticated endpoint and the upgrader accepts any client that omits an Origin header. When the HUD is network-exposed, an attacker can open the HUD stream and read the developer's session state...

8.3CVSS5.8AI score0.00222EPSS
Exploits0References4Affected Software1
Microsoft KB
Microsoft KB
added 2025/10/14 2:0 p.m.15 views

.NET 9.0 Update - October 14, 2025 (KB5068332)

None None...

9.9CVSS6.8AI score0.65838EPSS
Exploits5
Microsoft KB
Microsoft KB
added 2022/07/12 12:0 a.m.7 views

.NET Core 3.1 Update: July 12, 2022 (KB5016404)

None None...

6.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2019/11/20 4:14 p.m.7 views

httpd: mod_http2: possible crash on late upgrade

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server...

4.9CVSS7AI score0.08441EPSS
Exploits0References6
OSV
OSV
added 2019/06/11 10:29 p.m.3 views

DEBIAN-CVE-2019-0197

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server...

4.2CVSS6.7AI score0.08441EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/07/24 5:29 p.m.4 views

CVE-2017-2605

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-1000362. Reason: This candidate is a duplicate of CVE-2017-1000362. A vendor reference identifier was mistakenly treated as a CVE ID. Notes: All CVE users should reference CVE-2017-1000362 instead of this candidate. All...

7.3AI score
Exploits0References2
Rows per page
Query Builder