CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

636 matches found

CNNVD•added 2024/04/09 12:0 a.m.•4 views

Fortinet FortiSandbox 路径遍历漏洞

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. Fortinet FortiSandbox suffers from a path traversal vulnerability that can be...

8.1CVSS7.3AI score0.01159EPSS

Exploits0References2

Redos•added 2024/03/29 12:0 a.m.•29 views

ROS-20240329-22

Vulnerability in the Heerces C++ library of the BigFix Platform IT hardware co-management platform is caused by an integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely, to execute arbitrary code by sending a specially crafted HTTP request...

8.8CVSS8AI score0.01381EPSS

Exploits0

Tenable Nessus•added 2024/03/22 12:0 a.m.•48 views

Oracle Linux 8 : nodejs:16 (ELSA-2024-1444)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1444 advisory. - reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks Resolves: CVE-2024-22019 nodejs-nodemon nodejs-packaging Tenable h...

7.5CVSS7.2AI score0.99999EPSS

Exploits19References3

Debian CVE•added 2024/02/20 1:31 a.m.•31 views

CVE-2024-22019

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service DoS. The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...

7.5CVSS7.4AI score0.03168EPSS

Exploits0

Metasploit•added 2024/01/30 7:51 p.m.•578 views

Mirth Connect Deserialization RCE

A vulnerability exists within Mirth Connect due to its mishandling of deserialized data. This vulnerability can be leveraged by an attacker using a crafted HTTP request to execute OS commands within the context of the target application. The original vulnerability was identified by IHTeam and...

9.8CVSS9.5AI score0.97106EPSS

Exploits22

Tenable Nessus•added 2024/01/12 12:0 a.m.•13 views

F5 Networks BIG-IP : HTTP redirect vulnerability (K000137322)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.3 / 16.1.4.2 / 17.1.1.1. It is, therefore, affected by a vulnerability as referenced in the K000137322 advisory. - A specifically crafted HTTP request may lead the BIG-IP system to generate multiple HTTP redirect...

5.6AI score

Exploits0References1

NVD•added 2024/01/10 4:15 p.m.•41 views

CVE-2023-48730

A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabilit...

8.5CVSS8.1AI score0.00581EPSS

Exploits0References2

Vulnrichment•added 2024/01/10 3:48 p.m.•2 views

CVE-2023-49738

An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read...

7.5CVSS9.1AI score0.01318EPSS

Exploits1References1