CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

221 matches found

CNNVD•added 2026/05/12 12:0 a.m.•7 views

Apache Tomcat 授权问题漏洞

Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Page JSP technologies. Vulnerabilities exist in versions of Apache Tomcat ranging from 11.0.0-M1 to 11.0.21, from 10.1.0-M1 to 10.1.54, from 9.0.0.M1 t...

9.1CVSS5.8AI score0.00414EPSS

Exploits1References1

CNNVD•added 2026/05/08 12:0 a.m.•4 views

RedwoodSDK 跨站请求伪造漏洞

RedwoodSDK is an open-source React-based server-first web application framework developed by RedwoodJS. Versions of RedwoodSDK from 1.0.0-beta.50 to 1.2.3 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the use of HTTP methods on the server without source...

5.3CVSS5.7AI score0.00111EPSS

Exploits0References2

Vulnrichment•added 2026/04/21 11:17 p.m.•1 views

CVE-2026-41059 OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex; use of patterns...

8.2CVSS5.7AI score0.00275EPSS

Exploits0References1

GithubExploit•added 2026/03/18 1:2 p.m.•113 views

SQLInject

Sqlinject 💉 Advanced SQL Injection Scanner with WAF Bypass...

6AI score

Exploits0

NVD•added 2026/02/19 10:16 p.m.•7 views

CVE-2026-26317

OpenClaw is a personal AI assistant. Prior to 2026.2.14, browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins. A...

7.1CVSS0.0014EPSS

Exploits0References3