CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

192 matches found

CVE-2026-50168

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/platform-server package allows remote attackers to bypass host allowlist constraints an...

8.8CVSS0.00279EPSS

Exploits0References2

Tenable Nessus•added 2026/06/17 12:0 a.m.•6 views

Bosch Security Systems IP Cameras Uncontrolled Resource Consumption (CVE-2021-23852)

An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service DoS. This plugin only works with Tenable.ot. Please visit...

4.9CVSS5.3AI score0.00825EPSS

Exploits0References2

OSV•added 2026/06/15 4:39 p.m.•12 views

GHSA-XRXM-CP7J-8XF6 @angular/platform-server: URL Parser Differential leading to SSRF Allowlist Bypass

An issue in the @angular/platform-server package allows remote attackers to bypass host allowlist constraints and direct server-side outgoing requests to arbitrary external endpoints. This occurs due to a parser differential between the strict WHATWG URL parser used for allowlist validation and t...

8.8CVSS5.7AI score0.00279EPSS

Exploits0References3

ATTACKERKB•added 2026/05/19 11:1 a.m.•6 views

CVE-2026-7504

A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially leading to the exposure of sensitive information within the domain or facilitating further...

8.1CVSS5.7AI score0.00488EPSS

Exploits0References7

OSV•added 2026/03/27 2:41 p.m.•5 views

CLSA-2026-1774622460 squid: Fix of 3 CVEs

CVE-2025-59362: fix ASN.1 encoding of long SNMP OIDs - CVE-2026-33526: do not escape malformed URI twice when sending ICP errors - CVE-2026-33515: fix validation of ICP packet sizes and URLs...

9.2CVSS5.8AI score0.02738EPSS

Exploits1References1

Cvelist•added 2026/03/21 12:47 p.m.•27 views

CVE-2019-25571 MediaMonkey 4.1.23 Denial of Service via Malformed URL

MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. Attackers can create a malicious MP3 file with a buffer containing 4000 bytes of data appended to a...

6.9CVSS0.00178EPSS

Exploits1References4

Tenable Nessus•added 2026/01/16 12:0 a.m.•5 views

MiracleLinux 7 : [security - medium] qt5 (AXSA:2019-4200:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4200:01 advisory. qt5-qtbase: Double free in QXmlStreamReader CVE-2018-15518 qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service...

9.8CVSS6.7AI score0.03382EPSS

Exploits0References5

RedhatCVE•added 2026/01/09 8:42 a.m.•19 views

CVE-2022-31093

NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...

7.5CVSS6.9AI score0.01308EPSS

Exploits0References1

OSV•added 2025/10/27 7:6 p.m.•5 views

CVE-2025-53533 Pi-hole Admin Interface vulnerable to cross-site scripting via malformed URL path on 404 error page

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to reflected cross-site scripting XSS via a malformed URL path. The 404 error page includes t...

5.1CVSS6.3AI score0.00514EPSS

Exploits2References3

Cvelist•added 2025/10/27 7:6 p.m.•10 views

CVE-2025-53533 Pi-hole Admin Interface vulnerable to cross-site scripting via malformed URL path on 404 error page

5.1CVSS0.00514EPSS

Exploits2References1

RedhatCVE•added 2025/10/14 8:34 p.m.•3 views

CVE-2025-58084

Mattermost Desktop App versions = 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL...

6.5CVSS6.9AI score0.0027EPSS

Exploits0References1

CVE•added 2025/10/13 7:57 p.m.•15 views

CVE-2025-58084

Mattermost Desktop App up to version 5.13.0 is affected. The issue is due to improper validation of URLs external to configured Mattermost servers, allowing a malicious server to crash the user’s application by sending a malformed external URL. Affected product: Mattermost Desktop App (versions

6.5CVSS6.5AI score0.0027EPSS

Exploits0References1Affected Software1