CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1082 matches found

Limit Login Attempts WordPress - Stored Cross-site Scripting

Limit Login Attempts WordPress plugin 4.0.50 contains a stored cross-site scripting caused by not escaping IP addresses controlled via headers like X-Forwarded-For before outputting them in reports, letting unauthenticated attackers execute scripts in admin context. id: CVE-2021-24657 info: name:...

6.1CVSS6.3AI score0.00538EPSS

Exploits2References2

SUSE CVE•added 3 days ago•8 views

SUSE CVE-2026-46527

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

8.7CVSS5.7AI score0.00046EPSS

Exploits1References3

GithubExploit•added 4 days ago•46 views

portswigger-labs

PortSwigger Web Security Academy — Lab Notes Notes from compl...

5.8AI score

Exploits0

Tenable Nessus•added 6 days ago•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-46527

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a...

8.7CVSS5.7AI score0.00046EPSS

Exploits1References3

NVD•added last week•8 views

CVE-2026-46527

8.7CVSS0.00046EPSS

Exploits1References1

OSV•added last week•4 views

DEBIAN-CVE-2026-46527

7.5CVSS5.7AI score0.00046EPSS

Exploits1References1

OSV•added last week•4 views

UBUNTU-CVE-2026-46527

8.7CVSS5.7AI score0.00046EPSS

Exploits1References3

Vulnrichment•added last week•6 views

CVE-2026-46527 cpp-httplib: Malicious `X-Forwarded-For` Under Trusted-Proxy Configuration Triggers Empty `vector::front()`, Leading to Undefined Behavior and Server Crash

8.7CVSS5.7AI score0.00046EPSS

Exploits1References1

CVE•added last week•12 views

CVE-2026-46527

cpp-httplib (C++11 header-only library) before 0.44.0 is vulnerable when Server::set_trusted_proxies() is used with a non-empty trusted-proxy list. An attacker can send an HTTP request with an X-Forwarded-For header that parses to no valid IP segments. The code path then calls get_client_ip(), wh...

8.7CVSS5.7AI score0.00046EPSS

Exploits1References1Affected Software1

Cvelist•added last week•30 views

CVE-2026-46527 cpp-httplib: Malicious `X-Forwarded-For` Under Trusted-Proxy Configuration Triggers Empty `vector::front()`, Leading to Undefined Behavior and Server Crash

8.7CVSS0.00046EPSS

Exploits1References1

ATTACKERKB•added last week•6 views

CVE-2026-46527

8.7CVSS5.7AI score0.00046EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2026/05/29 12:0 a.m.•4 views

PT-2026-44991

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::set trusted proxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no vali...

8.7CVSS5.7AI score0.00046EPSS

Exploits1References2

CNNVD•added 2026/05/29 12:0 a.m.•4 views

cpp-httplib 代码问题漏洞

cpp-httplib is a C++ library developed by Yhirose, designed for HTTP/HTTPS servers and clients. Versions of cpp-httplib prior to 0.44.0 contained code vulnerabilities. These vulnerabilities occurred when the server had a non-empty trusted proxy list; attackers could send HTTP requests with the...

8.7CVSS5.9AI score0.00046EPSS

Exploits1References1

NVD•added 2026/05/23 7:16 p.m.•9 views

CVE-2018-25349

userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the backup.php endpoint with XSS payloads in the X-Forwarded-For header that execute when administrators...

6.1CVSS0.0003EPSS

Exploits0References2

Cvelist•added 2026/05/23 6:30 p.m.•25 views

CVE-2018-25349 userSpice 4.3.24 Cross-Site Scripting via X-Forwarded-For Header

6.1CVSS0.0003EPSS

Exploits0References2

ATTACKERKB•added 2026/05/23 6:30 p.m.•6 views

CVE-2018-25349

6.1CVSS5.7AI score0.0003EPSS

Exploits0References2Affected Software1

CVE•added 2026/05/20 5:31 a.m.•10 views

CVE-2026-2955

CVE-2026-2955 affects the WordPress plugin “AI Chatbot & Workflow Automation by AIWU” up to version 1.4.14. The issue is a Stored Cross-Site Scripting (XSS) vulnerability that can be triggered via the X-Forwarded-For header due to insufficient input sanitization and output escaping. It is exploit...

6.4CVSS6AI score0.00061EPSS

Exploits0References2

ATTACKERKB•added 2026/05/20 5:31 a.m.•3 views

CVE-2026-2955

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

6.4CVSS6AI score0.00061EPSS

Exploits0References3

Vulnrichment•added 2026/05/20 5:31 a.m.•8 views

CVE-2026-2955 AI Chatbot & Workflow Automation by AIWU <= 1.4.14 - Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' Header

6.4CVSS6AI score0.00061EPSS

Exploits0References2

Positive Technologies•added 2026/05/20 12:0 a.m.•8 views

PT-2026-42107

6.4CVSS6AI score0.00061EPSS

Exploits0References3

Rows per page