CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3465 matches found

Github Security Blog•added 2026/05/05 7:52 p.m.•4 views

requests-hardened is Vulnerable to Server-Side Request Forgery

The SSRF protection in requests-hardened prior to version 1.2.1 fails to block IP addresses within the RFC 6598 Shared Address Space 100.64.0.0/10. An attacker who can supply arbitrary URLs to requests-hardened could exploit this gap to access internal services hosted within 100.64.0.0/10. This i...

6.5CVSS5.9AI score0.00013EPSS

Exploits0References6Affected Software1

Circl•added 2026/02/16 9:0 p.m.•3 views

CVE-2026-2001

creationtimestamp| type| source ---|---|--- 2026-02-16 21:00:18+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3meywyyysql2o 2026-02-16 21:00:32+00:00| seen| https://infosec.exchange/users/offseq/statuses/116082318733803629 2026-02-16 22:33:00+00:00| seen|...

8.8CVSS5.1AI score0.00321EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 11:42 a.m.•5 views

CVE-2001-1465

SurfControl SuperScout only filters packets containing both an HTTP GET request and a Host header, which allows local users to bypass filtering by fragmenting packets so that no packet contains both data elements...

4.6CVSS6.7AI score0.00058EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:42 a.m.•4 views

CVE-2001-1557

Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to gain privileges...

7.5CVSS7.2AI score0.00417EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:42 a.m.•5 views

CVE-2001-1548

ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters...

2.1CVSS6.8AI score0.00054EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:41 a.m.•4 views

CVE-2001-1532

WebX stores authentication information in the HTTPREFERER variable, which is included in URL links within bulletin board messages posted by users, which could allow remote attackers to hijack user sessions...

5CVSS7AI score0.00467EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:40 a.m.•6 views

CVE-2001-1510

Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server JWS, and possibly other web servers allows remote attackers to read arbitrary files and directories by appending 1 "%3f.jsp", 2 "?.jsp" or 3 "?" to the requested URL...

5CVSS7.2AI score0.03731EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:40 a.m.•5 views

CVE-2001-1518

RunAs runas.exe in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service RunAs hang by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the...

2.1CVSS6.8AI score0.01608EPSS

Exploits1References1