
19028 matches found

OSV
added 2026/04/09 3:16 p.m., 1 view

DEBIAN-CVE-2026-5440

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...

7.5 CVSS, 5.4 AI score, 0.00566 EPSS
Exploits 0, References 1

NVD
added 2026/04/09 3:16 p.m., 6 views

CVE-2026-5440

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...

7.5 CVSS, 0.00566 EPSS
Exploits 0, References 3

UbuntuCve
added 2026/04/09 3:16 p.m., 2 views

CVE-2026-5440

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...

7.5 CVSS, 5.8 AI score, 0.00566 EPSS
Exploits 0, References 4

OSV
added 2026/04/09 3:16 p.m., 4 views

UBUNTU-CVE-2026-5440

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...

7.5 CVSS, 5.8 AI score, 0.00566 EPSS
Exploits 0, References 5

CVE
added 2026/04/09 2:43 p.m., 16 views

CVE-2026-5440

CVE-2026-5440 describes a memory exhaustion vulnerability in an HTTP server caused by unbounded handling of the Content-Length header. The server allocates memory directly based on the attacker-supplied Content-Length value, without an upper limit, so a crafted request with a very large Content-L...

7.5 CVSS, 5.9 AI score, 0.00566 EPSS
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2026/04/09 2:43 p.m., 2 views

CVE-2026-5440 Memory Exhaustion via Unbounded Content-Length

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...

5.8 AI score, 0.00566 EPSS
Exploits 0, References 3

EUVD
added 2026/04/09 6:30 a.m., 7 views

EUVD-2026-20862

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru leads to os command injection. Remote exploitation of the attack is possible...

10 CVSS, 5.7 AI score, 0.15952 EPSS
Exploits 0, References 6

CNNVD
added 2026/04/09 12:0 a.m., 5 views

Tenda CH22 path traversal vulnerability

Tenda CH22 is a network device produced by the Chinese company Tenda. The version Tenda CH22 1.0.0.6468 contains a path traversal vulnerability. This vulnerability stems from a path traversal issue within the R7WebsSecurityHandler function in the httpd component, which may lead to path traversal...

9.8 CVSS, 7.1 AI score, 0.00537 EPSS
Exploits 1, References 5

CNNVD
added 2026/04/09 12:0 a.m., 8 views

Orthanc security vulnerability

Orthanc is a free open-source software developed by the Orthanc company. Orthanc has a security vulnerability, which stems from the HTTP server’s unlimited use of the Content-Length header, leading to a memory exhaustion issue. This vulnerability may cause excessive memory allocation and...

7.5 CVSS, 5.8 AI score, 0.00566 EPSS
Exploits 0, References 4

Tenable Nessus
added 2026/04/09 12:0 a.m., 3 views

Cisco IOS Software HTTP Server DoS (cisco-sa-ios-http-dos-sbv8XRpL)

According to its self-reported version, Cisco IOS is affected by a vulnerability. - A denial of service (DoS) vulnerability exists in Cisco IOS Software due to improper validation of user-supplied input. An authenticated remote attacker can exploit this issue, via sending malformed HTTP requests to...

7.7 CVSS, 5.9 AI score, 0.0028 EPSS
Exploits 0, References 4

Debian CVE
added 2026/04/08 1:32 p.m., 4 views

CVE-2026-5795

In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variables. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals. A subsequent reques...

7.4 CVSS, 5.4 AI score, 0.00529 EPSS
Exploits 0

EUVD
added 2026/04/08 9:31 a.m., 14 views

EUVD-2026-20263

Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server. This issue affects SpicePress: from n/a through = 2.3.2.5...

5.9 AI score, 0.00143 EPSS
Exploits 0, References 2

NVD
added 2026/04/08 9:16 a.m., 7 views

CVE-2026-39620

Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server. This issue affects Appointment: from n/a through = 3.5.5...

9.6 CVSS, 0.00143 EPSS
Exploits 0, References 1

CNNVD
added 2026/04/08 12:0 a.m., 5 views

WordPress plugin Busiprof cross-site request forgery vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.6 CVSS, 5.7 AI score, 0.00143 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/04/07 11:1 p.m., 4 views

CVE-2026-35471

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, tdeleteFile missing return after path traversal check. This vulnerability is fixed in 2.0.0-beta.3...

9.8 CVSS, 7.2 AI score, 0.00683 EPSS
Exploits 1, References 1

Vulnrichment
added 2026/04/07 8:52 p.m., 2 views

CVE-2026-34045 Podman Desktop WebView Server Exposed

Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman Desktop allows any network attacker to remotely trigger denial-of-service conditions and extract sensitive information. By abusing missing connection...

8.2 CVSS, 5.9 AI score, 0.00474 EPSS
Exploits 1, References 1

OSV
added 2026/04/07 2:58 p.m., 2 views

GO-2026-4879 Local Incus UI web server vulnerable to authentication bypass in github.com/lxc/incus

Local Incus UI web server vulnerable to authentication bypass in github.com/lxc/incus...

8.8 CVSS, 5.8 AI score, 0.00347 EPSS
Exploits 0, References 3

CVE
added 2026/04/07 12:50 p.m., 15 views

CVE-2021-4473

CVE-2021-4473 affects the Tianxin Internet Behavior Management System. A command-injection flaw exists in the Reporter component endpoint, allowing unauthenticated attackers to supply an objClass parameter containing shell metacharacters and output redirection to execute arbitrary commands. This ...

9.8 CVSS, 6.7 AI score, 0.06165 EPSS
In wild, Exploits 1, References 5, Affected Software 1

CNNVD
added 2026/04/07 12:0 a.m., 11 views

Podman Desktop resource management error vulnerability

Podman Desktop is an open-source container management tool developed by podman-desktop. Versions of Podman Desktop prior to 1.26.2 contained a resource management vulnerability. This vulnerability stemmed from an unverified HTTP server that lacked connection limits and timeout mechanisms, which...

9.1 CVSS, 5.8 AI score, 0.00474 EPSS
Exploits 1, References 1

SUSE CVE
added 2026/04/06 11:24 p.m., 6 views

SUSE CVE-2026-33032

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication (AuthRequired middleware), the /mcpmessage endpoi...

9.8 CVSS, 5.8 AI score, 0.38477 EPSS
Exploits 4, References 3