29 matches found
curl: libcurl 8.20.0 incomplete fix for CVE-2026-7168: changing only CURLOPT_PROXYPORT leaks stale Proxy Digest auth to a different proxy
Summary: I found an incomplete-fix variant of CVE-2026-7168 in curl 8.20.0. The 8.20.0 fix clears state.proxydigest / state.authproxy when CURLOPT_PROXY changes, but not when only CURLOPT_PROXYPORT changes. On the same easy handle, request 1 through proxyA CURLOPT_PROXYPORT=18197 learns Proxy Digest...
CVE-2026-35548
GuardSix/Logpoint guardsix ODBC Enrichment Plugins before 5.2.1 contain a logic flaw: stored database credentials can be reused after changing target Host/IP/Port. When editing an existing Enrichment Source, previously stored credentials remain and can be redirected to unintended internal systems...
Cross-Site Request Forgery (CSRF)
1Panel is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to missing CSRF protections such as anti-CSRF tokens or Origin/Referer validation in the port-change endpoint, which allows an attacker to trick an authenticated user into submitting a malicious request that changes...
SUSE CVE-2025-34429
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...
CVE-2025-34429
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the port-change endpoint in the web port configuration process. An attacker can cause service disruption or loss of access by tricking an authenticated user into submitting a crafted request, which...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the port-change endpoint in the web port configuration process. An attacker can cause service disruption or loss of access by tricking an authenticated user into submitting a crafted request, which...
GHSA-WRVC-X3WF-J5F5 1Panel contains a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...
1Panel contains a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...
CVE-2025-34429
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...
CVE-2025-34429
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...
CVE-2025-34429
1Panel CSRF in web port configuration affects versions 1.10.33–2.0.15. The port-change endpoint lacks anti-CSRF defenses (no anti-CSRF tokens; no Origin/Referer checks). An attacker can lure an authenticated user to submit a crafted request, causing the web service to listen on a new port and pot...
CVE-2025-34429 1Panel CSRF Web Port Configuration Change
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...
1Panel contains a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...
PT-2025-50368
Name of the Vulnerable Software and Affected Versions: 1Panel versions 1.10.33 through 2.0.15. Description: The software contains a cross-site request forgery (CSRF) issue in the web port configuration functionality. The port-change endpoint does not have CSRF protections, such as anti-CSRF tokens or...
DEBIAN-CVE-2022-31091
Guzzle is an extensible PHP HTTP client. Authorization and Cookie headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers...
UBUNTU-CVE-2022-31091
Guzzle is an extensible PHP HTTP client. Authorization and Cookie headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers...
CVE-2022-31091 Change in port should be considered a change in origin in Guzzle
Guzzle is an extensible PHP HTTP client. Authorization and Cookie headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers...
Change in port should be considered a change in origin
Impact: Authorization and Cookie headers on requests are sensitive information. On making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers from the request, before continuing. Previously, we...
GHSA-Q559-8M2M-G699 Change in port should be considered a change in origin
Impact: Authorization and Cookie headers on requests are sensitive information. On making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers from the request, before continuing. Previously, we...