Lucene search

44 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 2 views

Astra Linux - vulnerability in libvncserver

It was discovered that the websockets.c file in LibVNCServer prior to version 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, resulting in a heap-based buffer overflow...

CVSS 9.8 · AI score 7.6 · EPSS 0.06869
Exploits: 0 · References: 2
Github Security Blog
added 2026/05/18 5:00 p.m. · 9 views

dynoxide: DNS rebinding and cross-origin CSRF via MCP HTTP transport

Summary: dynoxide's MCP HTTP transport was vulnerable to DNS rebinding via its transitive rmcp dependency, plus a related cross-origin CSRF gap. A malicious web page could make the user's browser send requests to a local dynoxide mcp --http or dynoxide serve --mcp server with a non-loopback Host...

CVSS 8.8 · AI score 5.8 · EPSS 0.00006
Exploits: 0 · References: 4 · Affected Software: 2
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-6228

Malware in sbrugna...

CVSS 6.5 · AI score 7.3 · EPSS 0.00318
Exploits: 1 · References: 7
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-25150

Malware in sbrugna...

CVSS 7.5 · AI score 7.5 · EPSS 0.00238
Exploits: 1 · References: 2
Fedora
added 2023/05/07 1:24 a.m. · 17 views

[SECURITY] Fedora 38 Update: rust-cargo-c-0.9.12-4.fc38

Helper program to build and install c-like libraries...

CVSS 7.5 · AI score 7 · EPSS 0.00318
Exploits: 1
SUSE CVE
added 2023/02/15 6:21 a.m. · 1 view

SUSE CVE-2003-0431

The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences...

CVSS 10 · AI score 7.1 · EPSS 0.00553
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 4:08 a.m. · 1 view

SUSE CVE-2019-15690

LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution...

CVSS 7.5 · AI score 9.9 · EPSS 0.04329
Exploits: 0 · References: 9
NVD
added 2021/08/16 4:15 a.m. · 9 views

CVE-2021-38712

OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file...

CVSS 7.5 · EPSS 0.00238
Exploits: 1 · References: 1
Prion
added 2021/08/16 4:15 a.m. · 13 views

Information disclosure

OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file...

CVSS 5 · AI score 7.4 · EPSS 0.00238
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2021/08/16 3:35 a.m. · 12 views

CVE-2021-38712

OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file...

AI score 7.5 · EPSS 0.00238
Exploits: 1 · References: 1
CNNVD
added 2021/08/16 12:00 a.m. · 3 views

OneNav security vulnerability

OneNav is a minimalist navigation/bookmark management system developed using PHP. A security vulnerability exists in OneNav 0.9.12 which allows information disclosure of onenav.db3 content...

CVSS 7.5 · AI score 7.3 · EPSS 0.00238
Exploits: 1 · References: 1
CNNVD
added 2021/08/05 12:00 a.m. · 3 views

OneNav cross-site scripting vulnerability

OneNav is a minimalist navigation/bookmark management system developed using PHP. OneNav beta 0.9.12 suffers from a cross-site scripting vulnerability, which allows attackers to conduct XSS attacks via the Add Link feature...

CVSS 5.4 · AI score 5.4 · EPSS 0.0026
Exploits: 2 · References: 6
Positive Technologies
added 2021/08/05 12:00 a.m. · 3 views

PT-2021-21960 · Onenav · Onenav

Name of the Vulnerable Software and Affected Versions: OneNav beta version 0.9.12 Description: The issue allows for XSS via the Add Link feature. The vendor has stated that there is intentionally no XSS protection at present, as the attack risk is largely limited to a compromised account. However...

CVSS 5.4 · AI score 6 · EPSS 0.0026
Exploits: 2 · References: 7
Debian
added 2021/06/16 4:28 a.m. · 48 views

[SECURITY] [DLA 2687-1] prosody security update

Debian LTS Advisory DLA-2687-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky June 15, 2021 https://wiki.debian.org/LTS -...

CVSS 5.9 · AI score 6.1 · EPSS 0.04627
Exploits: 0
OSV
added 2020/11/27 6:15 p.m. · 19 views

CVE-2020-25708

A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service...

CVSS 7.5 · AI score 6.4
Exploits: 0 · References: 2
Cvelist
added 2020/11/27 5:41 p.m. · 17 views

CVE-2020-25708

A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service...

AI score 7.2 · EPSS 0.00784
Exploits: 1 · References: 2
Debian CVE
added 2020/11/27 5:41 p.m. · 21 views

CVE-2020-25708

A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service...

CVSS 7.5 · AI score 7.8 · EPSS 0.00784
Exploits: 1
AlpineLinux
added 2020/11/27 5:41 p.m. · 33 views

CVE-2020-25708

A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service...

CVSS 7.5 · AI score 7.4 · EPSS 0.00784
Exploits: 1
OSV
added 2020/11/13 12:00 a.m. · 0 views

UBUNTU-CVE-2020-25708

A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service...

CVSS 7.5 · AI score 7.1 · EPSS 0.00784
Exploits: 1 · References: 4
Positive Technologies
added 2020/09/01 12:00 a.m. · 2 views

PT-2020-15458 · Jenkins · Jenkins Git Parameter Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Git Parameter Plugin versions 0.9.12 and earlier Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. This occurs because the repository field on the 'Build with Parameters' page is not properly escape...

CVSS 8 · AI score 5.1 · EPSS 0.00233
Exploits: 0 · References: 7