11 matches found

RedhatCVE
added 2026/05/26 8:14 p.m., 14 views

CVE-2026-47072

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the interna...

7.5 CVSS, 6 AI score, 0.00039 EPSS
Exploits 1, References 1

Positive Technologies
added 2026/05/25 12:0 a.m., 14 views

PT-2026-43069

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackney ws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the intern...

6.9 CVSS, 6 AI score, 0.00039 EPSS
Exploits 1, References 4

Positive Technologies
added 2026/05/15 12:0 a.m., 8 views

PT-2026-41312

Name of the Vulnerable Software and Affected Versions: Turborepo versions prior to 2.9.14. Description: Turborepo is a high-performance build system for JavaScript and TypeScript codebases. The self-hosted login and SSO browser flows fail to validate a CSRF (Cross-Site Request Forgery) state value on...

6.5 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits 0, References 5

Hacker One
added 2026/03/04 12:47 p.m., 8 views

curl: In curl's SASL OAUTHBEARER authentication, including the SOH character (0x01) in the username corrupts the message structure.

Summary: This vulnerability arises because curl fails to validate the contents of the username when constructing OAuth2 authentication messages. Depending on the server-side implementation, this could lead to log tampering or credential spoofing. Affected version: curl 8.18.0...

5.8 AI score
Exploits 0

CVE
added 2025/10/14 5:0 p.m., 24 views

CVE-2025-59284

CVE-2025-59284 is a Windows NTLM spoofing vulnerability with a local attack vector affecting NTLM-related components. The description confirms exposure of sensitive information to an unauthorized actor, enabling spoofing locally. Connected MS advisories and listings indicate Microsoft released update...

5.5 CVSS, 6.1 AI score, 0.00039 EPSS
Exploits 1, References 1, Affected Software 5

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-38841

Malicious code in bioql PyPI...

3.1 CVSS, 4.5 AI score, 0.00345 EPSS
Exploits 0, References 3

RedhatCVE
added 2025/05/22 9:30 p.m., 6 views

CVE-2021-21448

SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PCs memory. Under certain conditions the attacker can access information which would otherwise be restricted. The exploit can only be executed locally on th...

6.5 CVSS, 6.6 AI score, 0.00052 EPSS
Exploits 0, References 1

NVD
added 2025/01/22 5:15 p.m., 11 views

CVE-2025-24400

Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 (both inclusive) uses the credential ID as the cache key during signing operations, allowing attackers able to create a credential with the same ID as a legitimate one in a different credentials store to sign an event published to RabbitMQ with...

4.3 CVSS, 0.0015 EPSS
Exploits 0, References 1

Vulnrichment
added 2022/02/25 6:10 p.m., 8 views

CVE-2022-21798 ICSA-22-053-02 GE Proficy CIMPLICITY-Cleartext

The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system...

7.5 CVSS, 9.5 AI score, 0.00117 EPSS
Exploits 0, References 1

CVE
added 2009/07/08 3:0 p.m., 39 views

CVE-2009-2381

Gizmo5 on Linux (Gizmo 3.1.0.79 and earlier) is affected by a SSL certificate validation bypass vulnerability. The root cause is that the product does not verify the server’s SSL certificate, enabling a remote server to obtain user credentials via a spoofed certificate. The CVE-2009-2381 entry is...

5 CVSS, 6.8 AI score, 0.00145 EPSS
Exploits 0, References 4, Affected Software 1

securityvulns
added 2002/01/05 12:0 a.m., 43 views

Incorrect handling of Verisign in e-commerce software (credentials spoofing)

The authenticity of the credit card confirmation is not verified, which makes it possible to use a nonexistent credit card...

1.3 AI score
Exploits 0, References 1, Affected Software 1