
19026 matches found

Positive Technologies
added 2026/04/21 12:0 a.m., 4 views

PT-2026-33922

Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is...

CVSS 8.2, AI score 5.8, EPSS 0.00253
Exploits: 0, References: 2

AlpineLinux
added 2026/04/20 11:9 p.m., 7 views

CVE-2026-34839

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances web server exposes a REST API /api/4/ that is accessible without authentication and allows cross-origin requests from any origin due to a permissive CORS policy Access-Control-Allow-Origin: *. This...

CVSS 8.7, AI score 5.4, EPSS 0.00408
Exploits: 1, References: 2

GithubExploit
added 2026/04/20 9:59 p.m., 87 views

Exploit-for-OSVDB-75095-LotusCMS-3.0

LotusCMS 3.0 eval RCE — Defensive Research Overview This...

AI score 6.5
Exploits: 0

NVD
added 2026/04/20 11:16 a.m., 5 views

CVE-2026-6632

A vulnerability was identified in Tenda F451 1.0.0.7cnsvn7958. The affected element is the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component httpd. The manipulation of the argument menufacturer/Go leads to buffer overflow. Remote exploitation of the attack is...

CVSS 9, EPSS 0.00447
Exploits: 0, References: 5

Cvelist
added 2026/04/20 10:45 a.m., 32 views

CVE-2026-6631 Tenda F451 httpd webExcptypemanFilter fromwebExcptypemanFilter buffer overflow

A vulnerability was determined in Tenda F451 1.0.0.7cnsvn7958. Impacted is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The...

CVSS 9, EPSS 0.00544
Exploits: 0, References: 5

CNNVD
added 2026/04/20 12:0 a.m., 9 views

Tenda F451 security vulnerability

The Tenda F451 is a wireless router produced by the Chinese company Tenda. The version Tenda F451 1.0.0.7cnsvn7958 contains a security vulnerability. This vulnerability arises from improper handling of the manufacturer parameter in the fromSafeClientFilter function within the httpd component in t...

CVSS 9, AI score 7.7, EPSS 0.00447
Exploits: 0, References: 1

Redos
added 2026/04/20 12:0 a.m., 6 views

ROS-20260420-73-0028

A vulnerability in the LibSoup HTTP server access library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS 8.6, AI score 7.1, EPSS 0.00947
Exploits: 0

GithubExploit
added 2026/04/19 7:34 p.m., 145 views

Exploit for Improper Resource Shutdown or Release in Apache Http_Server

No d...

CVSS 5.9, AI score 6.8, EPSS 0.03024
Exploits: 1

Github Security Blog
added 2026/04/18 9:30 a.m., 17 views

Apache Airflow allows code execution through crafted XCom payloads

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

CVSS 7.2, AI score 6, EPSS 0.00822
Exploits: 0, References: 6, Affected Software: 1

CNNVD
added 2026/04/18 12:0 a.m., 10 views

Apache Airflow security vulnerability

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow, whic...

CVSS 7.2, AI score 6.1, EPSS 0.00822
Exploits: 0, References: 2

OSV
added 2026/04/16 11:38 p.m., 10 views

BIT-DOTNET-2026-25667

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...

CVSS 7.5, AI score 5.8, EPSS 0.03002
Exploits: 1, References: 4

Github Security Blog
added 2026/04/16 8:44 p.m., 10 views

MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport

Summary The readRequestBody function in src/transports/http/server.ts concatenates HTTP request body chunks into a string with no size limit, allowing a remote unauthenticated attacker to crash the server via memory exhaustion with a single large HTTP POST request. Details File:...

CVSS 8.7, AI score 5.9, EPSS 0.00495
Exploits: 0, References: 4, Affected Software: 1

EUVD
added 2026/04/16 6:31 p.m., 4 views

EUVD-2026-23271

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks...

AI score 6.4, EPSS 0.01008
Exploits: 0, References: 3

CVE
added 2026/04/16 3:18 p.m., 69 views

CVE-2026-5426

CVE-2026-5426 affects Digital Knowledge KnowledgeDeliver prior to Feb 24, 2026, due to a hard-coded ASP.NET/IIS machineKey in web.config. This flaw enables unauthenticated attackers to bypass ViewState validation and achieve remote code execution via crafted ViewState deserialization. In observed...

CVSS 9.1, AI score 6.4, EPSS 0.01008
In wild, Exploits: 0, References: 3

RedhatCVE
added 2026/04/15 1:22 a.m., 7 views

CVE-2026-6122

A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been...

CVSS 9, AI score 7.9, EPSS 0.00541
Exploits: 0, References: 1

OSV
added 2026/04/14 10:28 p.m., 4 views

GHSA-JRQ5-HG6X-J6G3 goshs has CSRF in state-changing GET routes enables authenticated file deletion and directory creation

Summary goshs contains a cross-site request forgery issue in its state-changing HTTP GET routes. An external attacker can cause an already authenticated browser to trigger destructive actions such as ?delete and ?mkdir because goshs relies on HTTP basic auth alone and performs no CSRF, Origin, or...

CVSS 8.1, AI score 5.8, EPSS 0.00143
Exploits: 1, References: 3

RedhatCVE
added 2026/04/14 7:22 p.m., 7 views

CVE-2026-32892

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move function in fileManage.lib.php passes user-controlled path values directly into exec shell commands without using...

CVSS 9.1, AI score 6.1, EPSS 0.01527
Exploits: 0, References: 1

Vulnrichment
added 2026/04/14 4:57 p.m., 11 views

CVE-2026-33096 HTTP.sys Denial of Service Vulnerability

...

CVSS 7.5, AI score 5.8, EPSS 0.01248
Exploits: 0, References: 1

Positive Technologies
added 2026/04/14 12:0 a.m., 9 views

PT-2026-32977

Name of the Vulnerable Software and Affected Versions @adonisjs/http-server versions prior to 7.8.1 @adonisjs/http-server versions 8.0.0-next.0 through 8.1.3 @adonisjs/core versions prior to 7.4.0 Description The response.redirect.back method reads the Referer header from the incoming HTTP reques...

CVSS 6.1, AI score 5.8, EPSS 0.00248
Exploits: 0, References: 8

RedhatCVE
added 2026/04/13 7:23 p.m., 3 views

CVE-2026-40115

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server server.py reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default no token...

CVSS 7.5, AI score 5.8, EPSS 0.00334
Exploits: 1, References: 1