CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2025/11/12 12:0 a.m.•3 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2025-2400)

6.5CVSS7.1AI score0.00257EPSS

OpenVAS•added 2025/11/12 12:0 a.m.•1 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-2428)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.7AI score0.00257EPSS

IBM Security Bulletins•added 2025/11/11 2:43 p.m.•13 views

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.307 Vulnerability Details CVEID:CVE-2025-57810 DESCRIPTION: jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in C...

9.8CVSS9.5AI score0.80733EPSS

Exploits7Affected Software1

OSV•added 2025/11/10 8:15 p.m.•3 views

CVE-2025-60876

BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...

6.5CVSS5.8AI score

Exploits0References3

OSV•added 2025/11/10 8:15 p.m.•2 views

AZL-69985 CVE-2025-60876 affecting package busybox 1.35.0-18

6.5CVSS5.7AI score0.00069EPSS

Exploits1References1

Positive Technologies•added 2025/11/10 12:0 a.m.•2 views

PT-2025-46190

Name of the Vulnerable Software and Affected Versions BusyBox versions through 1.3.7 Description The software accepts raw CR 0x0D/LF 0x0A and other C0 control bytes within the HTTP request-target path/query. This allows an attacker to split the request line and inject controlled headers...

7.2CVSS6.5AI score0.00491EPSS

Exploits6References37

Veracode•added 2025/11/06 6:36 a.m.•5 views

HTTP Request Smuggling

Http4s is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of the HTTP trailer section, which allows an attacker—when the app is deployed behind a reverse proxy that forwards trailer headers—to bypass front-end security controls, target active users, and poison...

7.5CVSS6.9AI score0.00108EPSS

Exploits1References2Affected Software3

Redos•added 2025/11/05 12:0 a.m.•9 views

ROS-20251105-06

The vulnerability of Microsoft .NET Framework, .NET software platforms, and Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Exploitation...

Redos•added 2025/11/05 12:0 a.m.•6 views

ROS-20251105-07

MSRC•added 2025/10/28 12:0 a.m.•8 views

Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know

On October 14, 2025, Microsoft released a security update addressingCVE-2025-55315, a vulnerability in ASP.NET Core that allows HTTP request smuggling. While request smuggling is a known technique, this security update addresses a scenario with a high CVSS score to help encourage mitigation actio...

9.9CVSS6.9AI score0.01681EPSS

Vulnrichment•added 2025/10/27 5:2 a.m.•5 views

CVE-2025-12225 Tenda AC6 HTTP Request WifiGuestSet stack-based overflow

A vulnerability has been found in Tenda AC6 15.03.06.50. This issue affects some unknown processing of the file /goform/WifiGuestSet of the component HTTP Request Handler. Such manipulation of the argument shareSpeed leads to stack-based buffer overflow. The attack may be launched remotely. The...

9CVSS8.9AI score0.00272EPSS

Exploits1References5

EUVD•added 2025/10/27 5:2 a.m.•2 views

EUVD-2025-36086

9CVSS6.9AI score0.00272EPSS

Exploits1References6

Snyk•added 2025/10/24 7:15 p.m.•0 views

HTTP Request Smuggling

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to HTTP Request Smuggling via the CORS middleware, which copies the Vary header from the request to the response when the origin is not set to "". An attacker can influence cache behavior or...

6.9CVSS7AI score

GithubExploit•added 2025/10/24 2:19 p.m.•255 views

Exploit for HTTP Request Smuggling in Microsoft

CVE-2025-55315 Vulnerability Scanner and TLS Proxy This repos...

9.9CVSS6.8AI score0.01681EPSS

Amazon•added 2025/10/23 12:0 a.m.•7 views

Critical: dotnet9.0

Issue Overview: Improper link resolution before file access 'link following' in .NET allows an authorized attacker to elevate privileges locally. CVE-2025-55247 Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a...

Amazon•added 2025/10/23 12:0 a.m.•5 views

Critical: dotnet8.0

Snyk•added 2025/10/22 7:37 p.m.•4 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the audit logging process. An attacker can obtain sensitive information by accessing improperly redacted HTTP request bodies recorded in audit logs. This may expose short-lived...

7.5CVSS6.5AI score0.00047EPSS