CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax in MulticoreWare x265 through 2.4, as used by the...

5.5CVSS5.7AI score0.00138EPSS

Exploits1References2

Vulnrichment•added 2025/07/08 12:49 p.m.•2 views

CVE-2025-27055 Buffer Over-read in Camera

Memory corruption during the image encoding process...

7.8CVSS7.4AI score0.00068EPSS

Exploits0References1

Tenable Nessus•added 2025/05/31 12:0 a.m.•2 views

SUSE SLES12 Security Update : postgresql17 (SUSE-SU-2025:01765-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:01765-1 advisory. Upgrade to 17.5: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation...

5.9CVSS6.7AI score0.00326EPSS

Exploits0References4

CVE•added 2025/05/30 3:37 a.m.•62 views

CVE-2025-47952

Traefik (HTTP reverse proxy/load balancer) had a path-matching bypass vulnerability prior to 2.11.25 and 3.4.1 when a URL with an encoded path string could bypass the middleware chain and target a backend exposed via another router. Affected versions: <2.11.25 and

9.1CVSS6.4AI score0.00399EPSS

Exploits0References4Affected Software1

RedhatCVE•added 2025/05/23 7:39 a.m.•5 views

CVE-2024-31868

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue...

6.1CVSS6AI score0.01512EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 9:24 p.m.•4 views

CVE-2021-29531

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a CHECK fail in PNG encoding by providing an empty input tensor as the pixel data. This is because the...

5.5CVSS6.8AI score0.00009EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 4:45 p.m.•6 views

CVE-2020-6305

PI Rest Adapter of SAP Process Integration update provided in SAPXIAF 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

6.1CVSS6AI score0.0028EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:45 p.m.•6 views

CVE-2020-6222

SAP Business Objects Business Intelligence Platform Web Intelligence HTML interface, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

5.4CVSS5.9AI score0.00235EPSS

Exploits0References1

Positive Technologies•added 2025/05/06 12:0 a.m.•4 views

PT-2025-19882 · Qualcomm · Snapdragon +30

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is related to memory corruption that occurs during image encoding processing when the configuration is NULL in the IOCTL parameter. This can lead to unspecified consequences...

7.8CVSS6.3AI score0.00058EPSS

Exploits0References5

OSV•added 2025/04/26 3:15 p.m.•10 views

CVE-2025-46646

In Artifex Ghostscript before 10.05.0, decodeutf8 in base/gputf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954...

4.5CVSS6.8AI score

Exploits0References2

RedhatCVE•added 2025/04/11 8:37 p.m.•10 views

CVE-2025-30657

An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon SRRD of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. When a device configured for flow-monitoring receives a specific BGP update message, i...

6.9CVSS7AI score0.00353EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by