Lucene search
K

11 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/14 8:6 a.m.5 views

CVE-2026-31908

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

5.8AI score0.00521EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/14 8:6 a.m.26 views

CVE-2026-31908 Apache APISIX: forward auth plugin allows header injection

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

0.00521EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/14 8:6 a.m.2 views

CVE-2026-31908 Apache APISIX: forward auth plugin allows header injection

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

5.8AI score0.00521EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.5 views

PT-2026-32601

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

9.1CVSS5.8AI score0.00521EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.9 views

PT-2026-31646

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pe page hash calc. When page hash processing is performed on a PE file, the function...

5.5CVSS6.1AI score0.00143EPSS
Exploits0References4
NVD
NVD
added 2026/02/24 5:29 p.m.7 views

CVE-2026-27571

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS...

7.5CVSS0.00478EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2025/10/15 8:9 p.m.9 views

org.opensearch.dataprepper.plugins:otel-trace-group-processor (>=2.12.0 <=2.12.1) potentially affected by CVE-2025-62371 via org.opensearch.dataprepper.plugins:opensearch (>=2.12.0 <=2.12.1)

org.opensearch.dataprepper.plugins:opensearch MAVEN version =2.12.0, =2.12.0, =2.12.1 Source cves: CVE-2025-62371 Source advisory: SNYK:JAVA-ORGOPENSEARCHDATAPREPPERPLUGINS-13561982...

7.4CVSS5.8AI score0.00178EPSS
Exploits0
OSV
OSV
added 2025/03/26 5:15 p.m.3 views

DEBIAN-CVE-2025-30164

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 vulnerability allows an attacker to craft a URL that, once visited by an authenticated user or one that is able to authenticate, allows to...

6.1CVSS5.3AI score0.00249EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/01/19 12:0 a.m.4 views

Smsot SQL Injection Vulnerability

Smsot is a professional community operation solution by China Motech Smsot. A SQL injection vulnerability exists in Smsot 2.12 and earlier versions, which stems from the parameter datasign in the file /api.php that can lead to SQL injection...

9.8CVSS7.9AI score0.00509EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/03/22 12:0 a.m.4 views

PT-2022-2681 · Pjsip +4 · Pjsip +4

Name of the Vulnerable Software and Affected Versions: PJSIP versions 2.12 and prior Description: The issue is related to a stack buffer overflow vulnerability in the PJSIP multimedia communication library, specifically affecting users of PJSUA2 or those who call the API endpoints pjmedia sdp pri...

9.8CVSS9AI score0.16406EPSS
Exploits2References115
CNNVD
CNNVD
added 2021/04/08 12:0 a.m.4 views

Aprelium Abyss Web Server 缓冲区错误漏洞

Aprelium Abyss Web Server is a web server from the Tunisian company Aprelium. A security vulnerability exists in Aprelium Abyss Web Server X1 version 2.12.1 and version 2.14, which can be exploited by an attacker to potentially cause an out-of-bounds read via an HTTP request, which could result i...

7.5CVSS5.6AI score0.01805EPSS
Exploits1References2
Rows per page
Query Builder