Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 3 days ago11 views

CVE-2026-54282

A flaw was found in Starlette, a lightweight Asynchronous Server Gateway Interface ASGI framework. Prior to version 1.3.0, the HTTP request path was not properly validated when reconstructing the request.url. A remote attacker could craft a malicious HTTP request path that does not begin with a...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References4
OSV
OSV
added 2026/06/15 8:38 p.m.4 views

GHSA-JP82-JPQV-5VV3 Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname

Summary In affected versions, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example @google.com moves the authority boundary...

3.7CVSS5.5AI score0.00187EPSS
Exploits0References2
Qualys Blog
Qualys Blog
added 2023/10/25 6:34 p.m.29 views

Building an AppSec Program with Qualys WAS – Configuring a Web Application or API: Crawl Settings

Qualys Web Application Scanning WAS stands out as the industrys leading Dynamic Application Security Testing DAST solution. Delving deeper into these settings is crucial for effectively harnessing its potential to uncover vulnerabilities. Scan coverage is greatly influenced by the crawl settings,...

6.9AI score
Exploits0
OSV
OSV
added 2022/06/02 2:15 p.m.7 views

AZL-9891 CVE-2022-30115 affecting package curl for versions less than 7.83.1-1

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or th...

4.3CVSS6.6AI score0.01118EPSS
Exploits1References1
OSV
OSV
added 2017/04/04 6:44 a.m.7 views

MGASA-2017-0104 Updated wget packages fix security vulnerability

Wget up untill version 1.19.1 does not ensure control characters are not used in the hostname part of a url. This security update rejects control characters in host part of a url...

6.1CVSS6.2AI score0.03086EPSS
Exploits1References4
NVD
NVD
added 2014/12/08 4:59 p.m.16 views

CVE-2014-9279

The printtestresult function in admin/upgradeunattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to the URL...

5CVSS6.3AI score0.02118EPSS
Exploits0References5
F5 Networks
F5 Networks
added 2007/10/04 12:0 a.m.78 views

SOL6916 - Case change in URL host name circumvents Accessibility Scope

It is possible to bypass the Deny list configured in the Accessibility Scope section located on the Portal Access : Web Applications : Master Group Settings page using a URL whose hostname portion differs in case upper vs. lower from the URL pattern in the Deny list. After logging in to the...

1.3AI score
Exploits0Affected Software1
Rows per page
Query Builder