CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

34 matches found

Tenable Nessus•added 2026/01/30 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2024-10491

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data i...

5.3CVSS5.8AI score0.00253EPSS

Exploits1References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-4104

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00081EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-0673

Malicious code in bioql PyPI...

7.5CVSS8.2AI score0.00408EPSS

Exploits1References5

Vulnrichment•added 2025/05/30 6:30 a.m.•8 views

CVE-2025-48936 ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection

Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...

8.1CVSS8.4AI score0.00186EPSS

Exploits0References2

RedHat Linux•added 2025/05/06 7:58 a.m.•3 views

thunderbird: User Interface (UI) Misrepresentation of attachment URL

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the...

6.4CVSS6.5AI score0.00106EPSS

Exploits0References7

ATTACKERKB•added 2025/02/14 8:15 p.m.•2 views

CVE-2025-25290

@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regul...

5.3CVSS5.5AI score0.00081EPSS

Exploits0References7Affected Software1

NVD•added 2025/02/14 8:15 p.m.•9 views

CVE-2025-25290

5.3CVSS0.00081EPSS

Exploits0References6

CVE•added 2025/02/14 7:37 p.m.•300 views

CVE-2025-25290

CVE-2025-25290 affects Octokit’s request.js: the code path that parses HTTP Link headers uses an unbounded RegExp (/]+)>; rel="deprecation"/) to match deprecation links. This enables a ReDoS (Regular Expression Denial of Service) by crafted link headers, causing high CPU use and potential serv...

5.3CVSS6.3AI score0.00081EPSS

Exploits0References6

OSV•added 2025/02/14 7:37 p.m.•10 views

CVE-2025-25290 @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

5.3CVSS6.4AI score0.00081EPSS

Exploits0References8

Github Security Blog•added 2025/02/14 6:0 p.m.•11 views

@octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

Summary The regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regular Expression Denial of Service attack. This vulnerability arises due to the unbounded nature of the regex's matching behavior, which can lead to catastrophic...

5.3CVSS6.8AI score0.00081EPSS

Exploits0References8Affected Software1

OSV•added 2025/02/14 6:0 p.m.•5 views

GHSA-RMVR-2PP2-XJ38 @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

5.3CVSS5.3AI score0.00081EPSS

Exploits0References8

SUSE CVE•added 2025/02/14 5:34 a.m.•1 views

SUSE CVE-2024-10491

A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...

5.3CVSS6.7AI score0.00253EPSS

Exploits1References3

RedhatCVE•added 2024/10/29 7:55 p.m.•11 views

CVE-2024-10491

A flaw was found in the Express Node.js framework. In certain versions, an attacker may be able to trigger an arbitrary resource injection attack via the link header when unsanitized data is used...

5.4CVSS7.1AI score0.00253EPSS

Exploits1References4

Github Security Blog•added 2024/10/29 6:30 p.m.•12 views

Express ressource injection

5.3CVSS7.1AI score0.00253EPSS

Exploits1References4Affected Software1

OSV•added 2024/10/29 6:30 p.m.•13 views

GHSA-CM5G-3PGC-8RG4 Express ressource injection

4CVSS5AI score0.00253EPSS

Exploits1References4

NVD•added 2024/10/29 5:15 p.m.•16 views

CVE-2024-10491

5.3CVSS0.00253EPSS

Exploits1References1

OSV•added 2024/10/29 5:15 p.m.•12 views

CVE-2024-10491

5.3CVSS5.5AI score0.00253EPSS

Exploits1References1

OSV•added 2024/10/29 5:15 p.m.•0 views

UBUNTU-CVE-2024-10491

5.3CVSS7.3AI score0.00253EPSS

Exploits1References3

Vulnrichment•added 2024/10/29 4:23 p.m.•20 views

CVE-2024-10491 Preload arbitrary resources by injecting additional `Link` headers

4CVSS7.3AI score0.00253EPSS

Exploits1References1

CVE•added 2024/10/29 4:23 p.m.•62 views

CVE-2024-10491

The CVE-2024-10491 entry concerns the Express framework: the response.links function mishandles sanitization of Link header values, enabling arbitrary resource injection via certain characters (e.g., , ; ). Public-connected docs (GHSA, OSV, Debian OSV entries) reiterate the same issue and describ...

5.3CVSS4.6AI score0.00253EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by