Lucene search
K

114 matches found

OSV
OSV
added 2026/07/08 9:6 p.m.4 views

CVE-2026-35210 OpenCTI: Authorization Bypass via `synchronized-upsert` HTTP Header Injection

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGEKNUPDATE permission to bypass Confidence Level validation and Object Marking...

7.1CVSS6.1AI score0.00252EPSS
Exploits0References6
OSV
OSV
added 2026/07/06 8:10 a.m.4 views

CVE-2026-49097 Apache Camel: Camel-IRC: The irc.sendTo (and other irc.*) Exchange header constants used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to redirect outgoing IRC messages to arbitrary channels or users

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...

6.5CVSS6.2AI score0.00428EPSS
Exploits0References4
CVE
CVE
added 2026/07/06 8:8 a.m.11 views

CVE-2026-48205

Summary: CVE-2026-48205 describes an SSRF vulnerability in the Apache Camel DNS component where DNS operation headers can be supplied via non-Camel header names (dns.server, dns.name, dns.domain, dns.type, dns.class, term) because the HTTP header filter is insufficient. This allows an unauthentic...

9.1CVSS6.1AI score0.0037EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/06 8:6 a.m.39 views

CVE-2026-48204 Apache Camel: Camel-MongoDB-GridFS: The gridfs.* control headers used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to switch the GridFS operation - including destructive file deletion - in the default configuration

Improper Input Validation, Improper Access Control vulnerability in Apache Camel in Camel Mongodb Gridfs component. The camel-mongodb-gridfs producer selects the GridFS operation to perform from the gridfs.operation Exchange header when the endpoint's operation parameter is not set - which is the...

0.00452EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 8:6 a.m.6 views

EUVD-2026-41839

Improper Input Validation, Improper Access Control vulnerability in Apache Camel in Camel Mongodb Gridfs component. The camel-mongodb-gridfs producer selects the GridFS operation to perform from the gridfs.operation Exchange header when the endpoint's operation parameter is not set - which is the...

9.8CVSS6AI score0.00452EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 8:6 a.m.2 views

CVE-2026-48204 Apache Camel: Camel-MongoDB-GridFS: The gridfs.* control headers used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to switch the GridFS operation - including destructive file deletion - in the default configuration

Improper Input Validation, Improper Access Control vulnerability in Apache Camel in Camel Mongodb Gridfs component. The camel-mongodb-gridfs producer selects the GridFS operation to perform from the gridfs.operation Exchange header when the endpoint's operation parameter is not set - which is the...

9.8CVSS6.1AI score0.00452EPSS
Exploits0References5
CVE
CVE
added 2026/07/06 7:55 a.m.14 views

CVE-2026-46453

Technical details for CVE-2026-46453 are not publicly available in the provided documents. No affected products, versions, impact, or fixes are enumerated here. Monitor official advisories for updates.

5.3CVSS6AI score0.00451EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 4:34 p.m.6 views

CVE-2026-43966

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...

6.3CVSS5.6AI score0.00313EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.11 views

CVE-2026-22618

A security misconfiguration was identified in Eaton Intelligent Power Protector IPP, where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available...

7.1CVSS5.4AI score0.00233EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.12 views

CVE-2026-42249

Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers without validation. These...

9.8CVSS6.6AI score0.00625EPSS
Exploits1References1
PyPA
PyPA
added 2026/06/03 2:16 p.m.9 views

PYSEC-0000-CVE-2026-44546

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

5.3CVSS5.5AI score0.00172EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/19 1:45 p.m.13 views

cpython: wsgiref.headers.Headers allows header newline injection in Python

Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9CVSS7AI score0.00463EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/19 1:33 p.m.12 views

python: Python: HTTP header injection via CR/LF in proxy tunnel headers

A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...

5.7CVSS7.2AI score0.00562EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.16 views

Lexmark Printers Improper Input Validation (CVE-2010-0101)

The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause a denial of service operating system halt via a malformed HTTP Authorization header. This plugin...

7.8CVSS5.9AI score0.01217EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 7:22 a.m.5 views

SUSE-SU-2026:1745-1 Security update for rmt-server

This update for rmt-server fixes the following issues: Update to version 2.27. Security issues fixed: - CVE-2026-26961: rack: greedy multipart boundary parsing can lead to parser differentials and WAF bypass bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can le...

7.5CVSS5.8AI score0.0043EPSS
Exploits0References21
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-43870

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Neutralization of CRLF Sequences in HTTP Headers...

7.3CVSS6AI score0.00394EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/04 5:19 a.m.82 views

vulnerability-research

Vulnerability Research & Responsible Disclosure Shivam Paji...

5.8AI score
Exploits0
CVE
CVE
added 2026/04/29 11:44 a.m.132 views

CVE-2026-42249

CVE-2026-42249 affects Ollama for Windows and is a remote code execution in the update mechanism caused by improper handling of attacker-controlled HTTP response headers. Update file paths are built from header-derived values and passed to filepath.Join, enabling path traversal (../) and writing ...

9.8CVSS6.5AI score0.00625EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/17 6:54 p.m.2 views

cpython: wsgiref.headers.Headers allows header newline injection in Python

Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9CVSS6.6AI score0.00463EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/16 6:31 a.m.9 views

EUVD-2026-23177

A security misconfiguration was identified in Eaton Intelligent Power Protector IPP, where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available...

5.9CVSS5.7AI score0.00233EPSS
Exploits0References2
Rows per page
Query Builder