Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

11240 matches found

Tenable Nessus
Tenable Nessusadded 2025/09/03 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2012-4230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the 1 encoding directive and 2 validelements attribute, which allow...

4.3CVSS7.1AI score0.0058EPSS
Exploits2References2
Hacker One
Hacker Oneadded 2025/09/02 7:7 p.m.19 views

curl: Heap-buffer-overflow (Out-of-Bounds Read) in DoH hostname encoding

Summary: I found a heap-buffer-overflow in the dohreqencode function in lib/doh.c. The bug happens when curl processes a DNS-over-HTTPS request for a hostname that is an empty string. The code gets the string length as 0, then tries to access hostlen - 1, which becomes host-1. This is an...

7.7AI score
Exploits0
OSV
OSVadded 2025/09/02 4:46 p.m.2 views

GHSA-MXH2-CCGJ-8635 ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header

Summary On the ESP-IDF platform, ESPHome's webserver authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correct value e.g., correct username with partial password. This allows access to webserver functionality...

8.1CVSS6.3AI score0.04759EPSS
Exploits1References4
RedHat Linux
RedHat Linuxadded 2025/09/02 5:11 a.m.6 views

postgresql: PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation

A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination...

5.9CVSS7.4AI score0.00326EPSS
Exploits0References5
RedHat Linux
RedHat Linuxadded 2025/09/02 5:7 a.m.3 views

postgresql: PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation

A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination...

5.9CVSS7.4AI score0.00326EPSS
Exploits0References5
NVD
NVDadded 2025/09/02 1:15 a.m.1 views

CVE-2025-57808

ESPHome is a system to control microcontrollers remotely through Home Automation systems. In version 2025.8.0 in the ESP-IDF platform, ESPHome's webserver authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correc...

8.1CVSS0.04759EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2025/09/02 12:0 a.m.2 views

PT-2025-35518

Name of the Vulnerable Software and Affected Versions ESPHome versions 2025.8.0 Description ESPHome’s web server authentication check on the ESP-IDF platform can incorrectly pass when the client-supplied base64-encoded Authorization value is empty or a substring of the correct value. This allows...

8.1CVSS6.5AI score0.04759EPSS
Exploits1References15
Tenable Nessus
Tenable Nessusadded 2025/09/02 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-33037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstance...

5.3CVSS6.8AI score0.01865EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletinsadded 2025/09/01 2:8 p.m.5 views

Security Bulletin: This vulnerability can lead to cache poisoning, data exposure, session manipulation, etc , which affects IBM watsonx.data

Summary Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning...

7.5CVSS6.6AI score0.00085EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessusadded 2025/09/01 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-46646

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Artifex Ghostscript before 10.05.0, decodeutf8 in base/gputf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for...

4.5CVSS6.3AI score0.00062EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2025/08/30 6:20 p.m.3 views

CVE-2025-0083

In multiple locations, there is a possible way to access content across user profiles due to URI double encoding. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

4CVSS5.6AI score0.00084EPSS
Exploits0References1
Tenable Nessus
Tenable Nessusadded 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2018-12606

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a...

5.4CVSS6AI score0.0005EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2025/08/30 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2020-1944

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content...

9.8CVSS8.1AI score0.01208EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2018-14320

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this...

6.5CVSS5.3AI score0.00498EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-46848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Libtasn1 before 4.19.0 has an ETYPEOK off-by-one array size check that affects asn1encodesimpleder. CVE-2021-46848 Note that Nessus relies on the presence o...

9.1CVSS7AI score0.0041EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-21299

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hyper is an open-source HTTP library for Rust crates.io. In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can...

8.1CVSS7.2AI score0.00577EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2025/08/30 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2024-45699

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection o...

7.5CVSS6.6AI score0.00142EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2025/08/30 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2023-47641

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the...

6.5CVSS5.8AI score0.00397EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2021-46700

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libsixel 1.8.6, sixelencoderoutputwithoutmacro called from sixelencoderencodeframe in encoder.c has a double free. CVE-2021-46700 Note that Nessus relies on...

6.5CVSS6.6AI score0.00436EPSS
Exploits1References3
Tenable Nessus
Tenable Nessusadded 2025/08/30 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2020-26939

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observab...

5.3CVSS6.6AI score0.02437EPSS
Exploits0References2
Rows per page
Query Builder