Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
httpd.c in atophttpd 2.8.0 has an off-by-one error and resultant out-of-bounds read because a certain 1024-character req string would not have a final '\0' character.
Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules.
@octokit/request-error is an error class for Octokit request errors. Starting in version 1.0.0 and prior to version 6.1.7, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the pr
A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not limit or validate the length of the boundary or the characte
CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body
An issue was discovered in Malwarebytes 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). A Stack buffer out-of-bounds access exists because of an integer underflow when handling newl
A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.
A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is s
@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression `/<(
CVE-2023-46586
CRITICAL CVSS 9.1
Find Similar
cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI scripts because strncpy is misused.
Out-of-bounds Read vulnerability in Apache HTTP Server with mod_headers and mod_mime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
A CRLF injection vulnerability in Neto CMS v6.313.0 through v6.314.0 allows attackers to execute arbitrary code via supplying a crafted HTTP request.
CVE-2024-46455
CRITICAL CVSS 9.8
Find Similar
unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser.
CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the product when an unauthenticated user is sending a crafted HTTPS packet to the webserver.
In the Linux kernel, the following vulnerability has been resolved: slip: bound decode() reads against the compressed packet length slhc_uncompress() parses a VJ-compressed TCP header by advancing a
An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string.
CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver.
Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the
ESPAsyncWebServer is an asynchronous HTTP and WebSocket server library for ESP32, ESP8266, RP2040 and RP2350. In versions up to and including 3.7.8, a CRLF (Carriage Return Line Feed) injection vulner
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size c
Page 1+ Next →