CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

903 matches found

NVD•added 2025/03/04 4:15 p.m.•4 views

CVE-2024-50707

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request...

10CVSS0.00788EPSS

Exploits0References2

Vulnrichment•added 2025/03/04 12:0 a.m.•5 views

CVE-2024-50707

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request...

8.2AI score0.00788EPSS

Exploits0References2

CVE•added 2025/03/04 12:0 a.m.•61 views

CVE-2024-50707

CVE-2024-50707 is an unauthenticated remote code‑execution in Uniguest Tripleplay prior to version 24.2.1. The issue can be triggered by sending a crafted HTTP GET containing an X-Forwarded-For header, allowing an attacker to execute arbitrary code on affected systems. The CVSS v3.1 base score is...

10CVSS8.2AI score0.00788EPSS

Exploits0References2Affected Software1

NVD•added 2025/02/16 7:15 p.m.•12 views

CVE-2025-1357

A vulnerability classified as problematic has been found in Seventh D-Guard up to 20250206. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...

5.3CVSS0.00425EPSS

Exploits0References3

Cvelist•added 2025/02/16 6:31 p.m.•11 views

CVE-2025-1357 Seventh D-Guard HTTP GET Request path traversal

5.3CVSS0.00425EPSS

Exploits0References3

Vulnrichment•added 2025/02/16 6:31 p.m.•5 views

CVE-2025-1357 Seventh D-Guard HTTP GET Request path traversal

5.3CVSS4.7AI score0.00425EPSS

Exploits0References3

CVE•added 2025/02/16 6:31 p.m.•73 views

CVE-2025-1357

CVE-2025-1357 is tied to Seventh D-Guard’s HTTP GET Request Handler path traversal vulnerability affecting versions up to 20250206. The issue allows remote initiation and has public exploit exposure; multiple sources corroborate the path traversal in the HTTP GET Request Handler component. Red Ha...

5.3CVSS4.7AI score0.00425EPSS

Exploits0References3

RedhatCVE•added 2025/02/09 6:22 p.m.•18 views

CVE-2025-1105

A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /app/sae/design/desktop/flat of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. The attack may be launched...

5.3CVSS6AI score0.00363EPSS

Exploits0References1

NVD•added 2025/02/07 6:15 p.m.•27 views

CVE-2025-1105

6.1CVSS0.00363EPSS

Exploits0References3

Cvelist•added 2025/02/07 6:0 p.m.•27 views

CVE-2025-1105 SiberianCMS HTTP GET Request flat cross site scripting

5.3CVSS0.00363EPSS

Exploits0References3

Vulnrichment•added 2025/02/07 6:0 p.m.•12 views

CVE-2025-1105 SiberianCMS HTTP GET Request flat cross site scripting

5.3CVSS6.1AI score0.00363EPSS

Exploits0References3

CVE•added 2025/02/07 6:0 p.m.•55 views

CVE-2025-1105

SiberianCMS 4.20.6 is affected by CVE-2025-1105 due to an issue in the HTTP GET Request Handler: the file /app/sae/design/desktop/flat can be manipulated to trigger cross-site scripting. The vulnerability arises from an unknown functionality in that handler, with remote exploitation and public di...

6.1CVSS6AI score0.00363EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2025/02/05 5:24 a.m.•8 views

CVE-2024-1197

A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to sql...

9.8CVSS7.5AI score0.00594EPSS

Exploits0References1

NVD•added 2025/01/31 12:15 a.m.•26 views

CVE-2024-23973

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of...

8.8CVSS0.00506EPSS

Exploits0References2

Vulnrichment•added 2025/01/30 11:28 p.m.•8 views

CVE-2024-23973 Silicon Labs Gecko OS HTTP GET Request Handling Stack-based Buffer Overflow

8.8CVSS8.8AI score0.00506EPSS

Exploits0References2

CVE•added 2025/01/30 11:28 p.m.•49 views

CVE-2024-23973

CVE-2024-23973 affects Silicon Labs Gecko OS. The vulnerability stems from improper validation of the length of user-supplied data during HTTP GET handling, leading to a stack-based buffer overflow. This flaw enables network-adjacent attackers to execute arbitrary code in the device’s context wit...

8.8CVSS6.8AI score0.00506EPSS

Exploits0References2Affected Software1

OSV•added 2025/01/27 5:15 p.m.•1 views

CVE-2025-0730

A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usraccountset.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request...

6.3CVSS4.4AI score

Exploits0References6

NVD•added 2025/01/27 5:15 p.m.•9 views

CVE-2025-0730

6.3CVSS0.00606EPSS

Exploits1References6

Cvelist•added 2025/01/27 5:0 p.m.•8 views

CVE-2025-0730 TP-Link TL-SG108E HTTP GET Request usr_account_set.cgi get request method with sensitive query strings

6.3CVSS0.00606EPSS

Exploits1References6

Vulnrichment•added 2025/01/27 5:0 p.m.•6 views

CVE-2025-0730 TP-Link TL-SG108E HTTP GET Request usr_account_set.cgi get request method with sensitive query strings