Lucene search
K

52490 matches found

Amazon
Amazon
added 2026/04/01 12:0 a.m.6 views

Important: nodejs20

Issue Overview: Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted:...

9.8CVSS7.2AI score0.0115EPSS
Exploits0
OSV
OSV
added 2026/03/26 8:49 p.m.4 views

MAL-2026-2244 Malicious code in fluxhttp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2669b72303bd592ba1633febc04bca1f0a8804d8546baf21b5f3f12baaa80f29 Malicious clone of a legitimate package. When using it, the code attempts to download and execute remote code. In on of the incarnations, the malicious code wa...

6.1AI score
Exploits0References4
Chainguard
Chainguard
added 2026/03/26 7:17 p.m.7 views

CVE-2026-22735 vulnerabilities

Vulnerabilities for packages: kafbat-ui, apache-nifi-registry, kayenta, nacos-docker, apache-activemq-fips, camunda-zeebe, thingsboard, kayenta-fips, camunda, kafbat-ui-fips, apache-activemq, nacos...

2.6CVSS6.1AI score0.00112EPSS
Exploits0
OSV
OSV
added 2026/03/26 6:56 p.m.2 views

GHSA-CG6C-Q2HX-69H7 OpenClaw: Plivo V2 verified replay identity drifts on query-only variants

Summary Before v2026.3.23, the Plivo V2 verification path treated query-only variants of the same signed request as fresh verified work. Plivo V2 signatures authenticate baseUrl + nonce, but the replay key was derived from the full verification URL including the query string, so unsigned query-on...

8.2CVSS5.8AI score0.00283EPSS
Exploits0References6
HackRead
HackRead
added 2026/03/25 8:23 p.m.6 views

Mirai Malware Evolves into Hundreds of Variants Driving Botnet Growth

Mirai malware evolves into hundreds of variants, driving botnet growth, including Aisuru and KimWolf, powering large-scale attacks, and increasing risks to vulnerable IoT devices worldwide...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:6 p.m.2 views

CVE-2026-32004

OpenClaw versions prior to 2026.3.2 contain an authentication bypass vulnerability in the /api/channels route classification due to canonicalization depth mismatch between auth-path classification and route-path canonicalization. Attackers can bypass plugin route authentication checks by submitti...

8.3CVSS5.8AI score0.00297EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-27980

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image...

7.5CVSS5.9AI score0.00683EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/12 7:56 p.m.0 views

CVE-2026-1525 undici is vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: Applications...

6.5CVSS5.8AI score0.00493EPSS
Exploits0References5
Hacker One
Hacker One
added 2026/03/08 7:16 a.m.13 views

AWS VDP: SQL Injection Detection Bypass in AWS WAF Managed Rules (AWSManagedRulesSQLiRuleSet)

Researchers This vulnerability was discovered through collaborative security research. Researchers: - █████ - █████████ - █████████ --- Summary AWS WAF fails to detect certain SQL injection payload variants. These payloads bypass the AWS WAF SQL injection detection rules and reach the backend...

6.1AI score
Exploits0
CVE
CVE
added 2026/03/02 9:20 p.m.20 views

CVE-2026-3337

CVE-2026-3337 documents a timing side-channel in AES-CCM decryption within AWS-LC affecting EVP_aes_128_ccm, EVP_aes_192_ccm, and EVP_aes_256_ccm. An unauthenticated user could potentially determine authentication tag validity via timing analysis. The impact and remediation are described by the a...

8.2CVSS5.9AI score0.01079EPSS
Exploits0References3Affected Software3
OSV
OSV
added 2026/03/02 12:0 p.m.4 views

RUSTSEC-2026-0043 Timing Side-Channel in AES-CCM Tag Verification in AWS-LC

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...

5.9CVSS5.9AI score0.01079EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/02/24 12:0 a.m.8 views

Analysis of LLMs against Prompt Injection and Jailbreak Attacks

Large Language Models LLMs are widely deployed in real-world systems. Given their broader applicability, prompt engineering has become an efficient tool for resource-scarce organizations to adopt LLMs for their own purposes. At the same time, LLMs are vulnerable to prompt-based attacks. Thus,...

6AI score
Exploits0
Chainguard
Chainguard
added 2026/01/31 7:17 p.m.37 views

GHSA-G9Q4-QJX4-2V7Q vulnerabilities

Vulnerabilities for packages: mc, ingress-nginx-controller, gitlab-rails-ce-fips, gitlab-runner-fips, qemu-guesthelper, tfsec, bom, terraform-fips, osv-scanner, rancher-helm, kubernetes-dashboard, flux-notification-controller-fips, loki, gatekeeper, ferretdb, consul-fips, gpu-operator-fips,...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/30 12:0 a.m.27 views

Trojan-Resilient NTT: Protecting against Control Flow and Timing Faults on Reconfigurable Platforms

Number Theoretic Transform NTT is the most essential component for polynomial multiplications used in lattice-based Post-Quantum Cryptography PQC algorithms such as Kyber, Dilithium, NTRU etc. However, side-channel attacks SCA and hardware vulnerabilities in the form of hardware Trojans may alter...

5.5AI score
Exploits0
Talos Blog
Talos Blog
added 2026/01/29 11:0 a.m.9 views

Dissecting UAT-8099: New persistence mechanisms and regional focus

Cisco Talos has identified a new campaign by UAT-8099, active from late 2025 to early 2026, that is targeting vulnerable Internet Information Services IIS servers across Asia with a specific focus on victims in Thailand and Vietnam. Analysis confirms significant operational overlaps between this...

6AI score
Exploits0
Chainguard
Chainguard
added 2026/01/28 7:17 p.m.8 views

CVE-2025-14157 vulnerabilities

Vulnerabilities for packages: gitlab-workhorse-ce, gitlab-workhorse-ce-fips, gitlab-rails-ce-fips, gitlab-rails-ce...

6.5CVSS6.6AI score0.00275EPSS
Exploits0
NVD
NVD
added 2026/01/28 12:15 a.m.8 views

CVE-2026-24785

Clatter is a nostd compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versiosn prior to2.2.0 have a protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule Noise Protocol Framework...

9.3CVSS0.00122EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/27 11:38 p.m.4 views

CVE-2026-24785 Clatter has a PSK Validity Rule Violation issue

Clatter is a nostd compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versiosn prior to2.2.0 have a protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule Noise Protocol Framework...

9.3CVSS5.8AI score0.00122EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/27 11:38 p.m.9 views

CVE-2026-24785

Clatter is a nostd compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versiosn prior to2.2.0 have a protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule Noise Protocol Framework...

9.3CVSS5.8AI score0.00122EPSS
Exploits0References4Affected Software1
GithubExploit
GithubExploit
added 2026/01/22 11:35 a.m.320 views

Exploit for Out-of-bounds Read in Libpng

Spring Boot Minimal Images PoC Dummy Spring Boot application...

7.8CVSS6.4AI score0.00352EPSS
Exploits6
Rows per page
Query Builder