44 matches found
Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP
Summary: The private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses (e.g. ::ffff:127.0.0.1), allowing SSRF protection to be bypassed on dual-stack systems. Affected components: backend/src/applications/files/services/files-manager.service.ts –...
CVE-2025-66357
CHOCO TEI WATCHER mini IB-MCT001 contains an issue with improper check for unusual or exceptional conditions. When the Video Download feature is in a specific communication state, the product's resources may be consumed abnormally...
CVE-2025-66357
Summary: CVE-2025-66357 affects CHOCO TEI WATCHER mini (IB-MCT001). When the Video Download feature is in a specific communication state, the product may consume resources abnormally due to an improper check for unusual or exceptional conditions, potentially causing a denial of service. The Red H...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in Google Chrome prior to version 143.0.7499.41, which stems from an improper implementation of the download feature and could lead to UI spoofing by a local attacker via a specially crafted HTML page...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in versions of Google Chrome prior to 140.0.7339.80, which stems from an improper implementation of the download feature and could lead to a bypass of Mark of the Web...
Improper Authorization
TYPO3 CMS is vulnerable to Improper Authorization. The vulnerability is due to missing authorization checks in the CSV download feature, which allows an attacker to disclose information from arbitrary database tables within a user’s web mounts without having proper access...
EUVD-2021-19016
Malware in sbrugna...
EUVD-2010-3656
Malware in sbrugna...
EUVD-2020-20705
Malware in sbrugna...
EUVD-2021-19017
Malware in sbrugna...
EUVD-2024-50520
Malicious code in bioql PyPI...
CVE-2023-41629
A lack of input sanitizing in the file download feature of eSST Monitoring v2.147.1 allows attackers to execute a path traversal...
CVE-2021-32158
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature...
CVE-2021-32159
A Cross-Site Request Forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature...
NLTK Security Vulnerabilities
NLTK is a natural language toolkit. It is used to support research and development in natural language processing. A security vulnerability exists in NLTK version 3.8.1 and prior versions, which stems from a vulnerability that could lead to remote code execution if the integrated packet download...
Fortinet FortiPortal SQL Injection Vulnerability
Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for MSPs. A SQL injection vulnerability exists in Fortinet FortiPortal versions 7.0.0 through 7.0.6...
CVE-2022-48584
A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...