Lucene search
K

133 matches found

CNNVD
CNNVD
added 2026/02/26 12:0 a.m.11 views

PcVue 安全漏洞

PcVue is a reliable, secure, and powerful operational software platform developed by PcVue Corporation. It is specifically designed for monitoring and controlling applications in industries such as building management and park management. Versions 12.0.0 to 16.3.3 of PcVue contain security...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/26 12:0 a.m.5 views

SUSE SLES12 Security Update : python36 (SUSE-SU-2026:0612-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0612-1 advisory. - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. -...

6CVSS7.2AI score0.0055EPSS
Exploits0References19
SUSE Linux
SUSE Linux
added 2026/02/25 4:29 p.m.5 views

Security update for python3

This update for python3 fixes the following issues: CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...

8.7CVSS5.5AI score0.0055EPSS
Exploits0References24
OSV
OSV
added 2026/02/25 4:27 p.m.3 views

SUSE-SU-2026:0643-1 Security update for python39

This update for python39 fixes the following issues: - CVE-2025-11468: Fixed a header injection when folding a long comment in an email header containing exclusively unfoldable characters. bsc1257029 - CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and parameters...

6CVSS5.6AI score0.0055EPSS
Exploits0References13
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.8 views

Monica 安全漏洞

Monica is an AI assistant of the Monica company. Version 4.1.2 of Monica contains a security vulnerability, which stems from improper handling of HTTP headers, potentially leading to header poisoning attacks...

9.1CVSS5.8AI score0.00391EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/18 1:40 p.m.26 views

CVE-2025-8308 Reflected XSS in Key Software's INFOREX

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Key Software Solutions Inc. INFOREX- General Information Management System allows XSS Through HTTP Headers. This issue affects INFOREX- General Information Management System: from 2025 and...

6.3CVSS0.00152EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.8 views

Key INFOREX 跨站脚本漏洞

Key INFOREX is a financial and banking management system developed by the Turkish company Key. The Key INFOREX version 2025 and earlier versions had a cross-site scripting vulnerability. This vulnerability stemmed from improper input during web page generation, which could allow cross-site...

6.3CVSS5.7AI score0.00152EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.7 views

Fortinet FortiOS 环境问题漏洞

Fortinet FortiOS is a security operating system developed by Fortinet Corporation, specifically for use on the FortiGate network security platform. This system provides users with various security features, including firewalls, antivirus protection, IPSec/SSL VPN, web content filtering, and...

5.8CVSS6.1AI score0.00351EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/02/05 6:18 p.m.10 views

USN-8018-1: Python vulnerabilities

Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this issue to inject arbitrary headers into email messages. This issue only affected python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12, python3.13, and...

6.3CVSS7.8AI score0.00708EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/02/05 3:48 p.m.6 views

cpython: wsgiref.headers.Headers allows header newline injection in Python

Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9CVSS5.7AI score0.00463EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/02/04 12:0 a.m.4 views

CVE-2025-71031

Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of service by consuming RAM memory...

5.5AI score0.00478EPSS
Exploits1References3
OSV
OSV
added 2026/01/29 3:16 p.m.4 views

CVE-2025-7713

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows XSS Through HTTP Headers.This issue affects Content Management System CMS: through 21072025...

6.1CVSS5.8AI score0.00175EPSS
Exploits0References1
NVD
NVD
added 2026/01/29 3:16 p.m.8 views

CVE-2025-7713

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows XSS Through HTTP Headers. This issue affects Content Management System CMS: through 21072025...

7.5CVSS0.00175EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.5 views

PT-2026-5295

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows XSS Through HTTP Headers.This issue affects Content Management System CMS: through 21072025...

7.5CVSS5.9AI score0.00175EPSS
Exploits0References2
NVD
NVD
added 2026/01/27 7:16 p.m.6 views

CVE-2026-22263

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available...

5.3CVSS0.00401EPSS
Exploits0References3
NVD
NVD
added 2026/01/27 4:16 p.m.5 views

CVE-2021-47900

Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shellexec to run system commands by sending craft...

9.8CVSS0.00602EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/27 3:23 p.m.3 views

CVE-2021-47900

Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shellexec to run system commands by sending craft...

9.8CVSS6.7AI score0.00602EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/27 3:23 p.m.8 views

EUVD-2021-34749

Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shellexec to run system commands by sending craft...

9.8CVSS6.7AI score0.00602EPSS
Exploits0References4
OSV
OSV
added 2026/01/26 2:50 p.m.4 views

BIT-PYTHON-MIN-2026-0865 wsgiref.headers.Headers allows header newline injection

User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9CVSS5.9AI score0.00463EPSS
Exploits0References16
Vulnrichment
Vulnrichment
added 2026/01/07 4:10 p.m.2 views

CVE-2026-22543 WEEK ENCODING FOR PASSWORDS

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...

6.9CVSS6.5AI score0.00176EPSS
Exploits0References1
Rows per page
Query Builder