Vulmon
an-http vulnerabilities and exploits
6.1
CVSSv3
CVE-2017-14037
CrushFTP prior to 7.8.0 and 8.x prior to 8.2.0 has an HTTP header vulnerability.
Crushftp Crushftp
Crushftp Crushftp 8.0.3
Crushftp Crushftp 8.0.4
Crushftp Crushftp 8.1.0
Crushftp Crushftp 8.0.2
NA
CVE-2009-2067
Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle malicious users to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script f...
Opera Opera Browser 9.10
Opera Opera Browser 7.23
Opera Opera Browser 8.0
Opera Opera Browser 9.01
Opera Opera Browser 9.0
Opera Opera Browser 7.53
Opera Opera Browser 8.51
Opera Opera Browser 8.53
Opera Opera Browser 9.20
Opera Opera Browser 9.12
Opera Opera Browser 9.02
Opera Opera Browser 9.21
Opera Opera Browser 8.54
Opera Opera Browser 8.01
Opera Opera Browser 7.60
Opera Opera Browser 8.52
Opera Opera Browser 7.54
Opera Opera Browser 7.0
Opera Opera Browser 8.02
Opera Opera Browser 8.50
Opera Opera Browser
NA
CVE-2015-4640
The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle malicious users to write to language-pack files by modifying an HTTP response. NOTE: CV...
Swiftkey Swiftkey Sdk
NA
CVE-2009-2066
Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle malicious users to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a s...
Apple Safari 1.0.0b2
Apple Safari 1.0.1
Apple Safari 1.1.0
Apple Safari 1.1
Apple Safari 1.2.5
Apple Safari 1.3
Apple Safari 2.0
Apple Safari 2.0.0
Apple Safari 2.0.3
Apple Safari 1.0.0
Apple Safari 1.0.0b1
Apple Safari 1.0
Apple Safari 1.2.3
Apple Safari 1.2.4
Apple Safari 0.9
Apple Safari 1.0.3
Apple Safari 1.2.0
Apple Safari 1.2.1
Apple Safari 1.2.2
Apple Safari 1.3.2
Apple Safari 3
Apple Safari 3.0
NA
CVE-2009-2068
Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle malicious users to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a ...
Opera Opera 5.0
Opera Opera 5.02
Opera Opera 5.1
Opera Opera 5.5
Opera Opera 5.6
Opera Opera 6.01
Opera Opera 6.02
Opera Opera 6.12
Opera Opera 6
Opera Opera 7.03
Opera Opera 7.10
Opera Opera 7.50
Opera Opera 8.0
Opera Opera 8.54
Opera Opera 9.0
Opera Opera 5.12
Opera Opera 5.2
Opera Opera 5.9
Opera Opera 6.0
Opera Opera 6.05
Opera Opera 6.06
Opera Opera 7.0
7.5
CVSSv3
CVE-2020-15576
SolarWinds Serv-U File Server prior to 15.2.1 allows information disclosure via an HTTP response.
Solarwinds Serv-u
NA
CVE-2009-2065
Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle malicious users to execute arbitrary web script, in an https site's context, by modifying an http page to inc...
Mozilla Firefox 0.1
Mozilla Firefox 0.6
Mozilla Firefox 0.6.1
Mozilla Firefox 0.9.3
Mozilla Firefox 0.9
Mozilla Firefox 1.0.6
Mozilla Firefox 1.0.7
Mozilla Firefox 1.5.0.11
Mozilla Firefox 1.5.0.12
Mozilla Firefox 1.5.0.8
Mozilla Firefox 1.5.0.9
Mozilla Firefox 1.5.1
Mozilla Firefox 1.5
Mozilla Firefox 2.0.0.16
Mozilla Firefox 2.0.0.17
Mozilla Firefox 2.0.0.7
Mozilla Firefox 2.0.0.9
Mozilla Firefox 2.0.0.8
Mozilla Firefox 2.0 .6
Mozilla Firefox 2.0 .9
Mozilla Firefox 3.0.5
Mozilla Firefox 3.0.6
NA
CVE-2003-1152
WebTide 7.04 allows remote malicious users to list arbitrary directories via an HTTP request for %3f.jsp (encoded "?").
Infrontech Webtide 7.0.4
8.8
CVSSv3
CVE-2021-33621
The cgi gem prior to 0.1.0.2, 0.2.x prior to 0.2.2, and 0.3.x prior to 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
Ruby-lang Cgi
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Ruby-lang Ruby
7.5
CVSSv3
CVE-2020-28851
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
Golang Go 1.15.4