CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

RedhatCVE•added 2026/04/20 7:22 p.m.•2 views

CVE-2026-40303

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls makestring, count with no upper bound before any token validation occurs. The function is reached on every request t...

7.5CVSS5.8AI score0.00453EPSS

Exploits0References1

NVD•added 2026/04/17 9:16 p.m.•3 views

CVE-2026-40303

7.5CVSS0.00453EPSS

Exploits0References2

Positive Technologies•added 2026/04/16 12:0 a.m.•5 views

PT-2026-33379

Summary endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls makestring, count with no upper bound before any token validation occurs. The function is reached on every request to an OAuth-protected proxy share, allowing an unauthenticated remote attacker to trigger...

7.5CVSS5.7AI score0.00453EPSS

Exploits0References8

Packet Storm•added 2026/02/03 12:0 a.m.•142 views

📄 Chromium Memory Corruption Trigger Simulation

This is a theoretical trigger simulation for a Chromium-class vulnerability associated with memory corruption scenarios commonly affecting the V8 JavaScript engine or the Blink rendering engine. The code intentionally performs heap allocation patterns and unsafe memory access attempts in order to...

6.5CVSS6.1AI score0.00224EPSS

Exploits1

EUVD•added 2025/10/03 8:7 p.m.•6 views

EUVD-2025-23882

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00533EPSS

Exploits0References3

SUSE CVE•added 2025/08/07 11:22 p.m.•4 views

SUSE CVE-2025-47908

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers ACRH header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...

5.3CVSS6.8AI score0.00533EPSS

Exploits0References7

OSV•added 2025/08/06 9:31 p.m.•3 views

GHSA-VH9X-PHQ6-FX54 Duplicate Advisory: Denial of service via malicious preflight requests in github.com/rs/cors

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mh55-gqvf-xfwm. This link is maintained to preserve external references. Original Description Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include ...

6.9CVSS6.2AI score0.00533EPSS

Exploits0References5

Github Security Blog•added 2025/08/06 9:31 p.m.•8 views

Duplicate Advisory: Denial of service via malicious preflight requests in github.com/rs/cors

7.5CVSS6.2AI score0.00533EPSS

Exploits0References5Affected Software1

NVD•added 2025/08/06 9:15 p.m.•5 views

CVE-2025-47908

7.5CVSS0.00533EPSS

Exploits0References3

OSV•added 2025/08/06 9:15 p.m.•2 views

CVE-2025-47908

7.5CVSS5.8AI score0.00533EPSS

Exploits0References3

Cvelist•added 2025/08/06 8:41 p.m.•6 views

CVE-2025-47908 Denial of service via malicious preflight requests in github.com/rs/cors

0.00533EPSS

Exploits0References3

Vulnrichment•added 2025/08/06 8:41 p.m.•5 views

CVE-2025-47908 Denial of service via malicious preflight requests in github.com/rs/cors

6.3AI score0.00533EPSS

Exploits0References3

RedhatCVE•added 2025/05/23 3:9 a.m.•3 views

CVE-2023-21366

In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.7AI score0.00083EPSS

Exploits0References1

Veracode•added 2024/07/08 7:28 a.m.•8 views

Denial Of Service (DoS)

github.com/rs/cors is vulnerable to Denial of Service DoS. The vulnerability is due to excessive heap allocations when processing malicious preflight requests that include an Access-Control-Request-Headers ACRH header with many commas, which allows attackers can cause undue stress on the...

7AI score

Exploits0

Github Security Blog•added 2024/07/05 7:42 p.m.•11 views

Denial of service via malicious preflight requests in github.com/rs/cors

7.5CVSS7AI score0.00533EPSS

Exploits0References6Affected Software1

OSV•added 2024/07/05 7:42 p.m.•5 views

GHSA-MH55-GQVF-XFWM Denial of service via malicious preflight requests in github.com/rs/cors

7.5CVSS7AI score0.00533EPSS

Exploits0References6

OSV•added 2024/07/02 7:20 p.m.•20 views

GO-2024-2883 Denial of service via malicious preflight requests in github.com/rs/cors

7.5CVSS7AI score0.00533EPSS

Exploits0References2

Positive Technologies•added 2024/07/02 12:0 a.m.•3 views

PT-2025-32214 · Unknown · Middleware

Name of the Vulnerable Software and Affected Versions: Middleware affected versions not specified Description: The middleware experiences excessive heap allocations when handling malicious preflight requests containing a large number of commas within the Access-Control-Request-Headers ACRH header...

7.5CVSS6.1AI score0.00533EPSS

Exploits0References17

OSV•added 2023/10/30 5:15 p.m.•1 views

CVE-2023-21366

5.5CVSS5.9AI score0.00083EPSS

Exploits0References1

n0where•added 2018/06/20 6:8 p.m.•25 views

Detailed Heap Profiler: Memoro

Memoro is a highly detailed heap profiler. Memoro not only shows you where and when your program makes heap allocations, but will show you how your program actually used that memory. Memoro collects detailed information on accesses to the heap, including reads and writes to memory and when they...

6.9AI score

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by