CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2484 matches found

OSV•added 2025/10/29 11:16 p.m.•4 views

AZL-69140 CVE-2025-58186 affecting package msft-golang 1.24.13-1

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...

5.3CVSS7.2AI score0.005EPSS

Exploits0References1

Tenable Nessus•added 2025/10/28 12:0 a.m.•4 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Ruby vulnerabilities (USN-7840-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7840-1 advisory. It was discovered that the REXML module bunded into Ruby incorrectly handled parsing XML documents with repeated instances of...

7.5CVSS6.8AI score0.02064EPSS

Exploits1References7

OSV•added 2025/10/27 7:16 p.m.•1 views

CVE-2025-12365

Error Messages Wrapped In HTTP Header.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

5.3CVSS5.8AI score

Exploits0References1

EUVD•added 2025/10/25 5:31 a.m.•6 views

EUVD-2025-35905

The Password Protected plugin for WordPress is vulnerable to authorization bypass via IP address spoofing in all versions up to, and including, 2.7.11. This is due to the plugin trusting client-controlled HTTP headers such as X-Forwarded-For, HTTPCLIENTIP, and similar headers to determine user IP...

3.7CVSS5.3AI score0.00279EPSS

Exploits0References5

Positive Technologies•added 2025/10/25 12:0 a.m.•6 views

PT-2025-43704

Name of the Vulnerable Software and Affected Versions Password Protected plugin for WordPress versions prior to 2.7.12 Description The Password Protected plugin for WordPress is susceptible to authorization bypass through IP address spoofing. This occurs because the plugin relies on...

3.7CVSS6.2AI score0.00279EPSS

Exploits0References8

OSV•added 2025/10/23 12:15 p.m.•6 views

UBUNTU-CVE-2025-62396

An error-handling issue in the Moodle router r.php could cause the application to display internal directory listings when specific HTTP headers were not properly configured...

5.3CVSS5.8AI score0.00274EPSS

Exploits0References4

Cvelist•added 2025/10/23 11:28 a.m.•6 views

CVE-2025-62396 Moodle: router (r.php) could expose application directories

An error-handling issue in the Moodle router r.php could cause the application to display internal directory listings when specific HTTP headers were not properly configured...

5.3CVSS0.00274EPSS

Exploits0References2

Tenable Nessus•added 2025/10/08 12:0 a.m.•4 views

RockyLinux 9 : golang (RLSA-2025:10676)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:10676 advisory. net/http: Sensitive headers not cleared on cross-origin redirect in net/http CVE-2025-4673 Tenable has extracted the preceding description block directly from th...

6.8CVSS6.4AI score0.0056EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•6 views

EUVD-2012-0507

Malware in sbrugna...

2.6CVSS9.2AI score0.01858EPSS

Exploits0References10

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2012-4855

Malware in sbrugna...

2.6CVSS7.1AI score0.02079EPSS

Exploits1References11