27 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in exim4

Exim 4 before 4.94.2 has an improper restriction on write operations within the bounds of a memory buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...

9.8 CVSS, 7.1 AI score, 0.02607 EPSS
Exploits: 1, References: 1
CVE
added 2026/05/12 9:51 p.m., 11 views

CVE-2026-42545

Granian is a Rust HTTP server for Python applications. Vulnerable from 0.2.0 up to 2.7.4, where the WSGI response conversion path uses .unwrap() on header name and value constructors; malformed headers trigger a worker process abort instead of handling the error. This results in a Denial of Servi...

5.9 CVSS, 5.8 AI score, 0.00052 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/05/11 6:6 p.m., 3 views

CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cow_cookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs...

2.1 CVSS, 6 AI score, 0.00022 EPSS
Exploits: 0, References: 3
NVD
added 2026/03/29 5:16 p.m., 1 view

CVE-2026-34005

In Sofia on Xiongmai DVR/NVR AHB7008T-MH-V2 and NBD7024H-P 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol TCP port 34567 request to the NetWork.NetCommon configuration handler, because system is used...

8.8 CVSS, 0.00094 EPSS
Exploits: 0, References: 2
EUVD
added 2026/01/15 12:0 a.m., 4 views

EUVD-2026-2707

A Stored Cross-Site Scripting (XSS) vulnerability in the Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to execute arbitrary scripts via a crafted payload due to unsanitized repeater AP SSID value when it is displayed in any page at...

5.4 CVSS, 5.2 AI score, 0.00019 EPSS
Exploits: 1, References: 3
Positive Technologies
added 2025/12/15 12:0 a.m., 1 view

PT-2025-51231

NetSupport Manager 14.12.0001 contains an unauthenticated SQL injection vulnerability in its Connectivity Server/Gateway HTTPS request handling. The server evaluates request URIs using an unsanitized SQLite query against the FileLinks table in gateway.db. By injecting SQL through the LinkName/URI...

8.7 CVSS, 7.9 AI score, 0.00116 EPSS
Exploits: 0, References: 3
CVE
added 2025/11/24 12:0 a.m., 7 views

CVE-2025-65494

CVE-2025-65494 affects libcoap (notably libcoap 4.3.5 and Fedora 4.3.5a packages). It stems from a NULL pointer dereference in get_san_or_cn_from_cert() inside src/coap_openssl.c, which can be triggered by a crafted X.509 certificate and may cause a denial of service. The vulnerability is reporte...

7.5 CVSS, 6.3 AI score, 0.00152 EPSS
Exploits: 0, References: 2, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-10989

Malware in sbrugna...

6.1 CVSS, 6.3 AI score, 0.0024 EPSS
Exploits: 1, References: 2
RedhatCVE
added 2025/05/23 2:32 a.m., 2 views

CVE-2023-1172

The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

7.2 CVSS, 5.9 AI score, 0.03777 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 12:40 p.m., 2 views

CVE-2010-3750

rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly validate file contents that are used during interaction with a heap buffer, which allows remote attackers to execute arbitrary code via crafted Name Value...

9.3 CVSS, 7.9 AI score, 0.01516 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/04/15 8:12 p.m., 6 views

CVE-2025-30511 Growatt Cloud Applications Cross-site Scripting

An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant...

8.8 CVSS, 0.00496 EPSS
Exploits: 0, References: 1
SUSE CVE
added 2023/02/15 4:34 a.m., 1 view

SUSE CVE-2017-1000494

Uninitialized stack variable vulnerability in NameValueParserEndElt upnpreplyparse.c in miniupnpd 2.0 allows an attacker to cause Denial of Service Segmentation fault and Memory Corruption or possibly have unspecified other impact...

7.8 CVSS, 7.5 AI score, 0.0008 EPSS
Exploits: 1, References: 3
SUSE CVE
added 2023/02/15 3:52 a.m., 1 view

SUSE CVE-2020-28022

Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...

9.8 CVSS, 8 AI score, 0.02607 EPSS
Exploits: 1, References: 6
OSV
added 2021/05/06 1:15 p.m., 1 view

DEBIAN-CVE-2020-28022

Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...

9.8 CVSS, 7.6 AI score, 0.02607 EPSS
Exploits: 1, References: 1
OSV
added 2021/05/06 1:15 p.m., 17 views

CVE-2020-28022

Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...

9.8 CVSS, 9.5 AI score, 0.02607 EPSS
Exploits: 1, References: 1
Debian CVE
added 2021/05/06 4:20 a.m., 30 views

CVE-2020-28022

Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...

9.8 CVSS, 8.1 AI score, 0.02607 EPSS
Exploits: 1
Cvelist
added 2021/05/06 4:20 a.m., 15 views

CVE-2020-28022

Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...

9.5 AI score, 0.02607 EPSS
Exploits: 1, References: 1
OSV
added 2021/05/04 1:30 p.m., 1 view

UBUNTU-CVE-2020-28022

Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...

9.8 CVSS, 7 AI score, 0.02607 EPSS
Exploits: 1, References: 4
OSV
added 2018/01/14 4:29 a.m., 1 view

CVE-2018-5691

SonicWall Global Management System GMS 8.1 has XSS via the newName and Name values of the /sgms/TreeControl module...

5.4 CVSS, 5.8 AI score
Exploits: 0, References: 3
CNVD
added 2018/01/08 12:0 a.m., 1 view

MiniUPnP Memory Corruption Vulnerability

miniupnpd is a UPnP IGD Internet Gateway Device Protocol implementation of the MiniUPnP project. A security vulnerability exists in the 'NameValueParserEndElt' function in the upnpreplyparse.c file in versions of miniupnpd prior to 2.0. An attacker can exploit this vulnerability to cause a denial...

7.8 CVSS, 6.7 AI score, 0.0008 EPSS
Exploits: 1, References: 1