CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

174 matches found

OSV•added 2026/04/24 12:58 p.m.•3 views

CLSA-2026-1777035524 libsoup: Fix of CVE-2026-5119

CVE-2026-5119: do not send cookies to a HTTP proxy for a HTTPS request...

8.2CVSS5.8AI score0.00014EPSS

Exploits1References1

EUVD•added 2026/04/15 6:31 p.m.•0 views

EUVD-2026-22956

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...

6.5CVSS6AI score0.00044EPSS

Exploits0References2

Cvelist•added 2026/02/03 2:22 a.m.•23 views

CVE-2026-24933 An improper certificate validation vulnerability was found in ADM while sending HTTPS requests to the server.

The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to intercept the cleartext communication,...

8.9CVSS0.00011EPSS

Exploits0References1

OSV•added 2026/01/30 4:14 p.m.•0 views

CLEANSTART-2026-XP03839 When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11

Multiple security vulnerabilities affect the tomcat9 package. When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11. See references for individual vulnerability details...

9.8CVSS7.3AI score0.55532EPSS

Exploits21References15

CVE•added 2026/01/13 4:32 p.m.•19 views

CVE-2025-47855

CVE-2025-47855 affects Fortinet FortiFone: versions 3.0.13–3.0.23 and 7.0.0–7.0.1 are vulnerable to an unauthenticated information disclosure via crafted HTTP/HTTPS requests (CWE-200). The vulnerability allows retrieval of device configuration. Remediation stated in sources: upgrade to FortiFone ...

9.8CVSS6.3AI score0.01193EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:29 a.m.•3 views

CVE-2023-50181

An improper access control vulnerability CWE-284 in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests...

6.5CVSS6.8AI score0.00161EPSS

Exploits0References1

NVD•added 2025/11/14 4:15 p.m.•7 views

CVE-2025-64446

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTT...

9.8CVSS0.9299EPSS

Exploits15References3