
19026 matches found

ATTACKERKB
added 2026/04/22 9:37 a.m. | 4 views

CVE-2026-33256

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

5.3 CVSS | 5.8 AI score | 0.00606 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/04/22 9:37 a.m. | 3 views

CVE-2026-33256 Unbounded memory allocation by internal web server

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

5.3 CVSS | 5.8 AI score | 0.00606 EPSS
Exploits: 0 | References: 1

AlpineLinux
added 2026/04/22 9:37 a.m. | 5 views

CVE-2026-33256

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

7.5 CVSS | 5.3 AI score | 0.00606 EPSS
Exploits: 0

Debian CVE
added 2026/04/22 9:37 a.m. | 3 views

CVE-2026-33256

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

7.5 CVSS | 5.3 AI score | 0.00606 EPSS
Exploits: 0

Positive Technologies
added 2026/04/22 12:0 a.m. | 4 views

PT-2026-34324

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is...

7.5 CVSS | 5.2 AI score | 0.00524 EPSS
Exploits: 0 | References: 50

Packet Storm News
added 2026/04/22 12:0 a.m. | 5 views

HTTP Chunked Encoding Behavior Analyzer

This script is a security analysis tool designed to test how a web server such as Kestrel-based applications handles HTTP requests using chunked transfer encoding...

5.8 AI score
Exploits: 0

Tenable Nessus
added 2026/04/22 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-33260

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server i...

7.5 CVSS | 5.8 AI score | 0.00524 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/22 12:0 a.m. | 5 views

PT-2026-34320

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

5.3 CVSS | 5.8 AI score | 0.00606 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/22 12:0 a.m. | 8 views

PT-2026-34321

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is...

8.2 CVSS | 5.2 AI score | 0.00731 EPSS
Exploits: 0 | References: 51

EUVD
added 2026/04/21 9:31 p.m. | 4 views

EUVD-2026-24375

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. While...

8.7 CVSS | 5.8 AI score | 0.00261 EPSS
Exploits: 0 | References: 2

GithubExploit
added 2026/04/21 5:20 p.m. | 106 views

Exploit for Improper Input Validation in Apache Tomcat

No d...

5.3 CVSS | 6.7 AI score | 0.05848 EPSS
Exploits: 2

EUVD
added 2026/04/21 3:32 p.m. | 6 views

EUVD-2025-209541

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...

3.7 CVSS | 5.8 AI score | 0.00177 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/04/21 3:32 p.m. | 9 views

EUVD-2026-24086

FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess function where GraphQL mutation input fields are passed directly to shellexec without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL...

8.6 CVSS | 6.1 AI score | 0.01379 EPSS
Exploits: 0 | References: 5

NVD
added 2026/04/21 1:16 p.m. | 6 views

CVE-2026-40520

FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess function where GraphQL mutation input fields are passed directly to shellexec without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL...

8.8 CVSS | 0.01379 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/21 10:6 a.m. | 2 views

CVE-2026-34839

A flaw was found in Glances, an open-source system monitoring tool. The Glances web server's REST API, accessible without authentication, has a permissive Cross-Origin Resource Sharing (CORS) policy. This vulnerability allows a malicious website to read sensitive system information from a running...

8.7 CVSS | 5.8 AI score | 0.00408 EPSS
Exploits: 1 | References: 2

NVD
added 2026/04/21 9:16 a.m. | 5 views

CVE-2025-13826

Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is...

8.2 CVSS | 0.00253 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/04/21 8:19 a.m. | 4 views

EUVD-2025-209536

Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is...

8.2 CVSS | 5.8 AI score | 0.00253 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/04/21 8:19 a.m. | 31 views

CVE-2025-13826 Incorrect input validation on the Zervit portable HTTP/Web server

Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is...

8.2 CVSS | 0.00253 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/21 8:19 a.m. | 2 views

CVE-2025-13826 Incorrect input validation on the Zervit portable HTTP/Web server

Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is...

8.2 CVSS | 5.8 AI score | 0.00253 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/21 12:0 a.m. | 6 views

PT-2026-33931

FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess function where GraphQL mutation input fields are passed directly to shell exec without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL...

8.6 CVSS | 6.1 AI score | 0.01379 EPSS
Exploits: 0 | References: 5