2727 matches found

RedhatCVE
added 2025/05/22 2:15 a.m., 17 views

CVE-2012-4391

Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations...

CVSS: 6.8, AI score: 7.4, EPSS: 0.01001
Exploits: 0, References: 1

Packet Storm News
added 2025/05/19 12:0 a.m., 6 views

An Automated Blackbox Noncompliance Checker for QUIC Server Implementations

We develop QUICtester, an automated approach for uncovering non-compliant behaviors in the ratified QUIC protocol implementations (RFC 9000/9001). QUICtester leverages active automata learning to abstract the behavior of a QUIC implementation into a finite state machine (FSM) representation. Unlike...

AI score: 6.9
Exploits: 0

F5 Networks
added 2025/05/19 12:0 a.m., 18 views

K000151411: Apache Tomcat vulnerability CVE-2025-31651

Security Advisory Description CVE-2025-31650 Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger a...

CVSS: 9.8, AI score: 9.3, EPSS: 0.66365
Exploits: 6, Affected Software: 36

Cvelist
added 2025/05/16 2:2 p.m., 33 views

CVE-2025-47790 Nextcloud Server doesn't request second factor after session timeout

Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor...

CVSS: 6.4, EPSS: 0.00337
Exploits: 0, References: 3

Snyk
added 2025/05/14 5:35 p.m., 1 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...

CVSS: 8.3, AI score: 7.5
Exploits: 0, References: 2

NVD
added 2025/05/13 9:16 p.m., 3 views

CVE-2025-20100

Improper access control in the memory controller configurations for some Intel(R) Xeon(R) 6 processor with E-cores may allow a privileged user to potentially enable escalation of privilege via local access...

CVSS: 8.7, EPSS: 0.00126
Exploits: 0, References: 1

Cvelist
added 2025/05/13 9:2 p.m., 7 views

CVE-2025-20100

Improper access control in the memory controller configurations for some Intel(R) Xeon(R) 6 processor with E-cores may allow a privileged user to potentially enable escalation of privilege via local access...

CVSS: 8.7, EPSS: 0.00126
Exploits: 0, References: 1

Akamai Blog
added 2025/05/13 10:20 a.m., 5 views

Introducing Linode Interfaces: Better Network Management (Open Beta)

Join the beta for Linode Interfaces, a new network management tool offering clearer configurations, better security, and smarter routing...

AI score: 7
Exploits: 0

RedHat Linux
added 2025/05/13 8:42 a.m., 5 views

php: cgi.force_redirect configuration is bypassable due to the environment variable collision

A flaw was found in PHP. The configuration directive cgi.force_redirect prevents anyone from calling PHP directly with a URL such as http://host.example/cgi-bin/php/secretdir/script.php. However, in certain uncommon configurations, an attacker may be able to bypass this restriction and access...

CVSS: 7.5, AI score: 5.7, EPSS: 0.01077
Exploits: 1, References: 6

Snyk
added 2025/05/12 3:40 p.m., 1 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to the ordering of code used to start an MCP server container. An attacker can read secrets without needing access to the secrets store itself by gaining access to the home folder of the user who...

CVSS: 3.2, AI score: 7.1, EPSS: 0.00107
Exploits: 0, References: 2

RedhatCVE
added 2025/05/11 10:9 a.m., 32 views

CVE-2025-46392

A flaw was found in the Apache Commons Configuration. This vulnerability allows uncontrolled resource consumption via loading untrusted configuration files or attacker-controlled usage patterns. Mitigation Mitigation for this issue is either not available or the currently available options do not...

CVSS: 3.3, AI score: 6, EPSS: 0.02054
Exploits: 0, References: 6

SUSE CVE
added 2025/05/11 2:0 a.m., 3 views

SUSE CVE-2025-46392

Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuratio...

CVSS: 6.5, AI score: 9.4, EPSS: 0.01663
Exploits: 0, References: 2

Snyk
added 2025/05/09 12:31 p.m., 1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to several issues in the loading of untrusted configurations. An attacker can cause excessive resource consumption by manipulating the configuration data or introducing unexpected...

CVSS: 6.9, AI score: 7.1, EPSS: 0.01663
Exploits: 0, References: 2

Github Security Blog
added 2025/05/09 12:31 p.m., 13 views

Apache Commons Configuration Uncontrolled Resource Consumption

Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuratio...

CVSS: 6.5, AI score: 6.8, EPSS: 0.01663
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2025/05/09 12:31 p.m., 5 views

GHSA-PVP8-3XJ6-8C6X Apache Commons Configuration Uncontrolled Resource Consumption

Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuratio...

CVSS: 6.9, AI score: 6.7, EPSS: 0.02054
Exploits: 0, References: 5

OSV
added 2025/05/09 10:15 a.m., 16 views

CVE-2025-46392

Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuratio...

CVSS: 6.5, AI score: 6.7, EPSS: 0.02054
Exploits: 0, References: 3

NVD
added 2025/05/09 10:15 a.m., 26 views

CVE-2025-46392

Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuratio...

CVSS: 6.5, EPSS: 0.01663
Exploits: 0, References: 3

OSV
added 2025/05/09 10:15 a.m., 2 views

DEBIAN-CVE-2025-46392

Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuratio...

CVSS: 6.5, AI score: 6, EPSS: 0.01663
Exploits: 0, References: 1

OSV
added 2025/05/09 10:15 a.m., 2 views

UBUNTU-CVE-2025-46392

Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuratio...

CVSS: 6.5, AI score: 6.8, EPSS: 0.02054
Exploits: 0, References: 5

Cvelist
added 2025/05/09 9:34 a.m., 31 views

CVE-2025-46392 Apache Commons Configuration: Uncontrolled Resource Consumption when loading untrusted configurations in 1.x

Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuratio...

EPSS: 0.01663
Exploits: 0, References: 3