Lucene search

21 matches found

RedhatCVE
added 2026/04/20 10:52 a.m. | 2 views

CVE-2026-29013

A flaw was found in libcoap. Attackers can send specially crafted Constrained Application Protocol (CoAP) requests with malformed OSCORE options or responses during OSCORE negotiation. This can trigger out-of-bounds reads during CBOR parsing and potentially lead to heap buffer overflow writes due t...

CVSS 9.8 | AI score 6 | EPSS 0.00058
Exploits: 0 | References: 2
CVE
added 2026/04/17 9:11 p.m. | 5 views

CVE-2026-29013

CVE-2026-29013 affects libcoap with out-of-bounds read vulnerabilities in OSCORE CBOR unwrap handling (get_byte_inc in src/oscore/oscore_cbor.c relies on assert for bounds, removed under NDEBUG). Attackers can send crafted CoAP messages during OSCORE negotiation to trigger reads beyond bounds, po...

CVSS 9.8 | AI score 6 | EPSS 0.00058
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2026/01/01 12:17 p.m. | 1 views

CVE-2025-64699

An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw...

CVSS 7.8 | AI score 6.5 | EPSS 0.00018
Exploits: 1 | References: 1
RedhatCVE
added 2025/12/11 5:16 a.m. | 3 views

CVE-2025-59391

A flaw was found in libcoap. This vulnerability allows information disclosure or denial of service via an out-of-bounds read when parsing certain OSCORE (Object Security for Constrained RESTful Environments) configuration values...

CVSS 6.5 | AI score 5.8 | EPSS 0.00098
Exploits: 0 | References: 2
NVD
added 2025/12/08 5:16 p.m. | 2 views

CVE-2025-59391

A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This...

CVSS 6.5 | EPSS 0.00098
Exploits: 0 | References: 2
OSV
added 2025/12/08 5:16 p.m. | 0 views

UBUNTU-CVE-2025-59391

A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This...

CVSS 6.5 | AI score 5.8 | EPSS 0.00098
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2000-0333

Malware in sbrugna...

CVSS 2.1 | AI score 6.4 | EPSS 0.00103
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-0527

Malware in sbrugna...

CVSS 6.5 | AI score 6.4 | EPSS 0.00461
Exploits: 0 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2016-9984

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00499
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-7048

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.2 | EPSS 0.2198
Exploits: 0 | References: 11
CNNVD
added 2025/06/10 12:0 a.m. | 1 views

Salesforce OmniStudio Security Vulnerability

Salesforce OmniStudio is a digitization platform from US-based Salesforce, Inc. A security vulnerability exists in versions prior to Salesforce OmniStudio Spring 2025 that stems from an improper privilege retention issue that could lead to the bypass of OmniUICard object security controls...

CVSS 5.3 | AI score 9.1 | EPSS 0.0026
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/22 4:22 p.m. | 4 views

CVE-2020-15126

In parser-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can bypass all read security on his User object and can also bypass all objects linked via relation or Pointer on his User object...

CVSS 6.5 | AI score 6.9 | EPSS 0.00461
Exploits: 0
Cvelist
added 2025/05/17 9:7 p.m. | 28 views

CVE-2025-4921

...

Exploits: 0
Cvelist
added 2025/04/04 5:0 a.m. | 9 views

CVE-2025-3197

Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__...

CVSS 7.3 | EPSS 0.00313
Exploits: 0 | References: 3
Prion
added 2023/11/28 2:15 p.m. | 15 views

Design/Logic Flaw

Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object...

CVSS 6.5 | AI score 7.1 | EPSS 0.00058
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2019/09/08 3:15 a.m. | 12 views

Design/Logic Flaw

Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c...

CVSS 7.5 | AI score 9.4 | EPSS 0.0047
Exploits: 0 | References: 2 | Affected Software: 2
Tenable Nessus
added 2012/08/29 12:0 a.m. | 289 views

RHEL 6 : thunderbird (RHSA-2012:1211)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2012:1211 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious...

CVSS 10 | AI score 8.8 | EPSS 0.05074
Exploits: 2 | References: 34
securityvulns
added 2006/07/08 12:0 a.m. | 36 views

Mico crashes when contected with wrong IOR / DoS

== == == TOC == == == 1. Affected Vendor 2. Affected Product 3. Vulnerability 4. Safety Hazard 5. Disclosure Timeline 6. Vendor Response 7. Patch / Workaround 8. Vulnerability Details --------------------- == 1. Affected Vendor == Object Security == 2. Affected Products == MICO - Mico is CORBA,...

AI score 6.9
Exploits: 0
Cvelist
added 2000/07/12 4:0 a.m. | 21 views

CVE-2000-0334

The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule...

AI score 6.5 | EPSS 0.00103
Exploits: 0 | References: 2
NVD
added 2000/04/24 4:0 a.m. | 13 views

CVE-2000-0334

The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule...

CVSS 2.1 | AI score 6.5 | EPSS 0.00103
Exploits: 0 | References: 2