Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
an-http vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2017-14037
CrushFTP prior to 7.8.0 and 8.x prior to 8.2.0 has an HTTP header vulnerability.
Crushftp Crushftp
Crushftp Crushftp 8.0.3
Crushftp Crushftp 8.0.4
Crushftp Crushftp 8.1.0
Crushftp Crushftp 8.0.2
258
VMScore
CVE-2015-4640
The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle malicious users to write to language-pack files by modifying an HTTP response. NOTE: CV...
Swiftkey Swiftkey Sdk
605
VMScore
CVE-2009-2066
Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle malicious users to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a s...
Apple Safari 1.0.0b2
Apple Safari 1.0.1
Apple Safari 1.1.0
Apple Safari 1.1
Apple Safari 1.2.5
Apple Safari 1.3
Apple Safari 2.0
Apple Safari 2.0.0
Apple Safari 2.0.3
Apple Safari 1.0.0
Apple Safari 1.0.0b1
Apple Safari 1.0
Apple Safari 1.2.3
Apple Safari 1.2.4
Apple Safari 0.9
Apple Safari 1.0.3
Apple Safari 1.2.0
Apple Safari 1.2.1
Apple Safari 1.2.2
Apple Safari 1.3.2
Apple Safari 3
Apple Safari 3.0
516
VMScore
CVE-2009-2068
Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle malicious users to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a ...
Opera Opera 5.0
Opera Opera 5.02
Opera Opera 5.1
Opera Opera 5.5
Opera Opera 5.6
Opera Opera 6.01
Opera Opera 6.02
Opera Opera 6.12
Opera Opera 6
Opera Opera 7.03
Opera Opera 7.10
Opera Opera 7.50
Opera Opera 8.0
Opera Opera 8.54
Opera Opera 9.0
Opera Opera 5.12
Opera Opera 5.2
Opera Opera 5.9
Opera Opera 6.0
Opera Opera 6.05
Opera Opera 6.06
Opera Opera 7.0
605
VMScore
CVE-2009-2067
Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle malicious users to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script f...
Opera Opera Browser 9.10
Opera Opera Browser 7.23
Opera Opera Browser 8.0
Opera Opera Browser 9.01
Opera Opera Browser 9.0
Opera Opera Browser 7.53
Opera Opera Browser 8.51
Opera Opera Browser 8.53
Opera Opera Browser 9.20
Opera Opera Browser 9.12
Opera Opera Browser 9.02
Opera Opera Browser 9.21
Opera Opera Browser 8.54
Opera Opera Browser 8.01
Opera Opera Browser 7.60
Opera Opera Browser 8.52
Opera Opera Browser 7.54
Opera Opera Browser 7.0
Opera Opera Browser 8.02
Opera Opera Browser 8.50
Opera Opera Browser
445
VMScore
CVE-2020-15576
SolarWinds Serv-U File Server prior to 15.2.1 allows information disclosure via an HTTP response.
Solarwinds Serv-u
605
VMScore
CVE-2009-2065
Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle malicious users to execute arbitrary web script, in an https site's context, by modifying an http page to inc...
Mozilla Firefox 0.1
Mozilla Firefox 0.6
Mozilla Firefox 0.6.1
Mozilla Firefox 0.9.3
Mozilla Firefox 0.9
Mozilla Firefox 1.0.6
Mozilla Firefox 1.0.7
Mozilla Firefox 1.5.0.11
Mozilla Firefox 1.5.0.12
Mozilla Firefox 1.5.0.8
Mozilla Firefox 1.5.0.9
Mozilla Firefox 1.5.1
Mozilla Firefox 1.5
Mozilla Firefox 2.0.0.16
Mozilla Firefox 2.0.0.17
Mozilla Firefox 2.0.0.7
Mozilla Firefox 2.0.0.9
Mozilla Firefox 2.0.0.8
Mozilla Firefox 2.0 .6
Mozilla Firefox 2.0 .9
Mozilla Firefox 3.0.5
Mozilla Firefox 3.0.6
445
VMScore
CVE-2003-1152
WebTide 7.04 allows remote malicious users to list arbitrary directories via an HTTP request for %3f.jsp (encoded "?").
Infrontech Webtide 7.0.4
NA
CVE-2021-33621
The cgi gem prior to 0.1.0.2, 0.2.x prior to 0.2.2, and 0.3.x prior to 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
Ruby-lang Cgi
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Ruby-lang Ruby
445
VMScore
CVE-2020-28851
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
Golang Go 1.15.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »