CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4476 matches found

Imperva Blog•added 2026/06/04 3:43 p.m.•12 views

Imperva Customers Protected Against CVE-2026-49975 (HTTP/2 Bomb) DoS

TL;DR: CVE-2026-49975, dubbed the “HTTP/2 Bomb,” is a critical remote Denial-of-Service DoS vulnerability affecting default HTTP/2 configurations of major web servers including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. Discovered by security firm Calif using OpenAI’s Code...

7.5CVSS5.6AI score0.0985EPSS

Exploits7

HackRead•added 2026/05/21 10:18 a.m.•14 views

Microsoft’s Retired IE Tool MSHTA Now Being Used in Fileless Malware Attacks

Despite Internet Explorer’s retirement, hackers are abusing the legacy MSHTA utility in stealthy fileless malware attacks targeting Windows users...

5.8AI score

Exploits0

CISA KEV Catalog•added 2026/02/10 12:0 a.m.•15 views

Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability

Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network...

8.8CVSS5.4AI score0.15384EPSS

In wildExploits0

RedhatCVE•added 2026/01/09 11:54 a.m.•14 views

CVE-2009-4444

Microsoft Internet Information Services IIS 5.x and 6.x uses only the portion of a filename before a ; semicolon character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a 1 .asp, 2...

6CVSS6.9AI score0.63627EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:39 a.m.•14 views

CVE-2003-1582

Microsoft Internet Information Services IIS 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inver...

2.6CVSS6.2AI score0.10325EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:38 a.m.•5 views

CVE-2003-1305

Microsoft Internet Explorer allows remote attackers to cause a denial of service resource consumption via a Javascript src attribute that recursively loads the current web page...

5CVSS6.9AI score0.01243EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:27 a.m.•11 views

CVE-2008-7295

Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...

5.8CVSS6.8AI score0.05105EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:40 a.m.•6 views

CVE-1999-0280

Remote command execution in Microsoft Internet Explorer using .lnk and .url files...

7.5CVSS7.3AI score0.15268EPSS

Exploits0References1

Positive Technologies•added 2025/12/19 12:0 a.m.•3 views

PT-2025-52588

CVE-2025-68483 - Microsoft IIS HTTP Header Injection CVE ID : CVE-2025-68483 Published : Dec. 19, 2025, 4:16 a.m. | 2 hours, 5 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

6.9AI score

Exploits0References1