23 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 7 views

Astra Linux - vulnerability in xrdp

xrdp is an open-source RDP server. Before version 0.10.5, xrdp contained an unauthenticated stack-based buffer overflow vulnerability. The issue arises from improper bounds checking when processing user domain information during the connection process. If exploited, this vulnerability could allow...

9.8 CVSS, 6.7 AI score, 0.00207 EPSS
Exploits: 0, References: 2
OSV
added 2026/04/25 8:50 a.m., 5 views

CLSA-2026-1776878817 squid: Fix of 13 CVEs

CVE-2018-1000027: fix NULL pointer dereference in clientFollowXForwardedForCheck for transactions without a client connection - CVE-2018-19131: fix XSS via X.509 certificate fields rendered unescaped in SSL error pages - CVE-2019-12520: prevent cache poisoning by suppressing URL userinfo from...

9.8 CVSS, 6.8 AI score, 0.65998 EPSS
Exploits: 2, References: 1
SUSE CVE
added 2026/01/28 12:25 a.m., 3 views

SUSE CVE-2025-68670

xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote...

8.1 CVSS, 6.7 AI score, 0.00207 EPSS
Exploits: 0, References: 6
OSV
added 2026/01/27 4:16 p.m., 2 views

UBUNTU-CVE-2025-68670

xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote...

9.8 CVSS, 6.8 AI score, 0.00207 EPSS
Exploits: 0, References: 6
EUVD
added 2026/01/27 3:52 p.m., 2 views

EUVD-2025-206388

xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote...

9.1 CVSS, 6.7 AI score, 0.00207 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2026/01/27 3:52 p.m., 2 views

CVE-2025-68670

xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote...

9.1 CVSS, 6.7 AI score, 0.00207 EPSS
Exploits: 0, References: 4, Affected Software: 1
Tenable Nessus
added 2026/01/22 12:0 a.m., 4 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-56760)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56760 advisory. - In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Handle lack of irqdomain...

5.5 CVSS, 6.7 AI score, 0.00017 EPSS
Exploits: 0, References: 2
OSV
added 2025/12/16 3:6 p.m., 2 views

CVE-2025-68295 smb: client: fix memory leak in cifs_construct_tcon()

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix memory leak in cifs_construct_tcon(). When having a multiuser mount with domain= specified and using cifscreds, cifs_set_cifs_creds() will end up setting @ctx->domainname, so it needs to be freed before leaving...

6.3 AI score, 0.00076 EPSS
Exploits: 0, References: 10
FreeBSD
added 2025/12/06 12:0 a.m., 4 views

xrdp -- remote code execution

Denis Skvortsov, Security Researcher at Kaspersky reports: xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerabili...

9.8 CVSS, 6.6 AI score, 0.00207 EPSS
Exploits: 0, References: 1
OSV
added 2025/10/27 1:15 p.m., 2 views

CVE-2025-41384

Cross-Site Scripting (XSS) vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary doma...

6.1 CVSS, 6.3 AI score
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-1026

Malware in sbrugna...

5.3 CVSS, 5.5 AI score, 0.00749 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-53372

Malicious code in bioql PyPI...

5.5 CVSS, 7.2 AI score, 0.00015 EPSS
Exploits: 0, References: 8
Tenable Nessus
added 2025/09/05 12:0 a.m., 1 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 : Ruby vulnerabilities (USN-7734-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7734-1 advisory. It was discovered that Ruby incorrectly handled certain IO stream methods. A remote attacker could use this...

9.8 CVSS, 7.2 AI score, 0.0883 EPSS
Exploits: 1, References: 5
OSV
added 2025/03/19 11:31 a.m., 4 views

SUSE-SU-2025:20154-1 Security update for python311

This update for python311 fixes the following issues: - Skip PGO with %wantreproduciblebuilds bsc1239210 - CVE-2025-0938: Disallows square brackets and in domain names for parsed URLs bsc1236705. - Configure externallymanaged with a bcond bsc1228165. - Update to 3.11.11: - Tools/Demos - gh-123418...

9.8 CVSS, 7 AI score, 0.07956 EPSS
Exploits: 6, References: 42
CVE
added 2025/01/06 4:20 p.m., 197 views

CVE-2024-56760

The CVE-2024-56760 issue is a Linux kernel PCI/MSI handling bug where a lack of irqdomain on RISCV platforms triggered a bogus legacy fallback warning. The root cause is an incorrect legacy-mode check in the PCI MSI domain path; the fix updates pci_msi_domain_supports() to evaluate legacy mode an...

5.5 CVSS, 6.5 AI score, 0.00017 EPSS
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2024/12/29 11:30 a.m., 2 views

CVE-2024-56723 mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices

In the Linux kernel, the following vulnerability has been resolved: mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices. While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has inherited flaws. This was unveiled when...

7.5 AI score, 0.00008 EPSS
Exploits: 0, References: 8
OSV
added 2023/12/06 12:11 p.m., 1 views

USN-6535-1 curl vulnerabilities

Harry Sintonen discovered that curl incorrectly handled mixed case cookie domains. A remote attacker could possibly use this issue to set cookies that get sent to different and unrelated sites and domains. CVE-2023-46218 Maksymilian Arciemowicz discovered that curl incorrectly handled long file...

6.5 CVSS, 6.6 AI score, 0.00213 EPSS
Exploits: 2, References: 3
OSV
added 2021/09/22 11:6 a.m., 11 views

SUSE-SU-2021:3184-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: - CVE-2021-3672: Fixed missing input validation on hostnames bsc1188881. - CVE-2021-22931: Fixed improper handling of untypical characters in domain names bsc1189370. - CVE-2021-22940: Use after free on close http2 on stream canceling bsc118936...

9.8 CVSS, 7.8 AI score, 0.00662 EPSS
Exploits: 3, References: 11
OSV
added 2020/06/30 11:53 a.m., 4 views

SUSE-SU-2020:1803-1 Security update for squid

This update for squid fixes the following issues: - CVE-2020-14059: Fixed an issue where a client could potentially deny the service of a server during TLS Handshake bsc1173304. - CVE-2019-18860: Fixed handling of invalid domain names in cachemgr.cgi bsc1167373...

6.5 CVSS, 7.6 AI score, 0.04339 EPSS
Exploits: 0, References: 5
BDU FSTEC
added 2019/10/01 12:0 a.m., 3 views

The vulnerability of the fly-admin-freeipa-server graphical tool for running the FreeIPA service on the Astra Linux operating system involves disclosing information through registration files. This allows a perpetrator to access confidential data and compromise its integrity.

The vulnerability of the fly-admin-freeipa-server graphical tool for running the FreeIPA service on the Astra Linux operating system is related to an error in the handling of options when creating and deleting domains, as well as errors in the handling of restart information. Exploiting this...

5.2 CVSS, 5.5 AI score
Exploits: 0, References: 1