
11 matches found

Cvelist
added 2026/04/06 3:10 p.m., 25 views

CVE-2026-34211 SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions...

6.9 CVSS, 0.00395 EPSS
Exploits: 1, References: 1

vulnersOsv
added 2026/04/03 9:45 p.m., 6 views

@afidos/nestjs-event-notifications (>=2.2.1 <=2.2.2), @mieweb/wikigdrive (>=2.15.0 <=2.17.1) +3 more potentially affected by CVE-2026-34211 via @nyariv/sandboxjs (>=0.5.3 <=0.8.25)

@nyariv/sandboxjs NPM version =0.5.3, =2.2.1, =2.15.0, =0.2.0, =11.0.0, =12.0.1 Source cves: CVE-2026-34211 Source advisory: SNYK:JS-NYARIVSANDBOXJS-15909754...

7.5 CVSS, 5.8 AI score, 0.00395 EPSS
Exploits: 1

RedhatCVE
added 2025/02/14 7:41 a.m., 9 views

CVE-2024-34211

TOTOLINK CP450 v4.1.0cu.747B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root...

8.8 CVSS, 7.4 AI score, 0.00547 EPSS
Exploits: 1, References: 1

Cvelist
added 2024/05/09 2:20 p.m., 12 views

CVE-2024-34211

TOTOLINK CP450 v4.1.0cu.747B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root...

7.3 AI score, 0.00547 EPSS
Exploits: 1, References: 1

CVE
added 2024/05/09 2:20 p.m., 62 views

CVE-2024-34211

Totolink CP450 v4.1.0cu.747_B20191224 contains a hardcoded password in /etc/shadow.sample that can allow an attacker to log in as root. CVSSv3.1 measures a high impact (8.8) with adjacent attack vector and no potential user interaction. Connected sources provide concrete details: affected softwar...

8.8 CVSS, 7.4 AI score, 0.00547 EPSS
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2023/07/02 10:15 p.m., 8 views

CVE-2023-34211

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...

6.6 AI score
Exploits: 0

NVD
added 2022/06/23 5:15 p.m., 12 views

CVE-2022-34211

A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL...

6.5 CVSS, 0.00468 EPSS
Exploits: 0, References: 1

CVE
added 2022/06/22 2:41 p.m., 95 views

CVE-2022-34211

CVE-2022-34211 describes a CSRF in the Jenkins vRealize Orchestrator Plugin (versions 3.0 and earlier) where an attacker can induce the plugin’s HTTP endpoint to perform a POST to a URL of the attacker’s choosing. The root cause is a lack of permission checks on the vulnerable HTTP endpoint, enab...

6.5 CVSS, 6.2 AI score, 0.00468 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2022/06/22 2:41 p.m., 20 views

CVE-2022-34211

A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL...

7.2 AI score, 0.00468 EPSS
Exploits: 0, References: 1

AlpineLinux
added 2022/06/22 2:41 p.m., 51 views

CVE-2022-34211

A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL...

6.5 CVSS, 2.5 AI score, 0.00468 EPSS
Exploits: 0, References: 1

CVE
added 1976/01/01 12:0 a.m., 21 views

CVE-2023-34211

CVE-2023-34211 is rejected/not used and does not represent an active vulnerability entry.

6.8 AI score
Exploits: 0