Lucene search
+L

5 matches found

nvd
nvd
added 2026/06/25 7:16 p.m.11 views

CVE-2026-28898

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values :path, :authority, :scheme, :method, and :status at both the HPACK...

5.3CVSS0.00192EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/25 6:36 p.m.20 views

CVE-2026-28898

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values :path, :authority, :scheme, :method, and :status at both the HPACK...

0.00192EPSS
Exploits0References1
cve
cve
added 2026/02/19 9:25 p.m.21 views

CVE-2026-26275

The CVE affects httpsig-hyper up to version 0.0.22, where Digest header verification could incorrectly succeed due to a misuse of Rust’s matches! macro, causing digest checks to pass even when the computed digest did not match the expected value. This could allow message body modifications to go ...

7.5CVSS5.6AI score0.00162EPSS
Exploits0References5Affected Software1
github
github
added 2022/05/17 4:52 a.m.23 views

CiviCRM SQL injection vulnerability via Quick Search API

The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick...

6.5CVSS7.3AI score0.01015EPSS
Exploits0References4Affected Software1
osv
osv
added 2022/05/17 4:52 a.m.31 views

GHSA-4465-R2HG-V4RJ CiviCRM SQL injection vulnerability via Quick Search API

The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick...

6.5CVSS7AI score0.01015EPSS
Exploits0References4
Rows per page
Query Builder