CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2025/08/20 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2022-22971

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial...

6.5CVSS7AI score0.00247EPSS

Exploits0References3

Kitploit•added 2023/12/10 11:30 a.m.•29 views

Legba - A Multiprotocol Credentials Bruteforcer / Password Sprayer And Enumerator

Legba is a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust and the Tokio asynchronous runtime in order to achieve better performances and stability while consuming less resources than similar tools see the benchmark below. For the building instructions, usa...

8AI score

RedhatCVE•added 2023/05/24 3:40 p.m.•98 views

CVE-2023-32081

A flaw was found in the Vert.X Stomp server. The Vert.x STOMP server processes client STOMP frames without checking that the client sent an initial CONNECT frame and replied with a successful CONNECTED frame. A malicious user can connect and then create or receive unauthorized content...

6.5CVSS6.8AI score0.00353EPSS

Exploits0References4

RedHat Linux•added 2023/05/17 1:58 p.m.•4 views

springframework: DoS with STOMP over WebSocket

A flaw was found in Spring Framework Applications. Applications that use STOMP over the WebSocket endpoint are vulnerable to a denial of service attack caused by an authenticated user...

6.5CVSS7.3AI score0.00247EPSS

Exploits0References5

Veracode•added 2023/05/15 3:47 a.m.•15 views

Improper Authentication

vertx-stomp is vulnerable to Improper Authentication. Without requiring a prior CONNECT frame reply with a successful CONNECTED frame, Vert.x STOMP servers handle client STOMP frames, enabling clients to publish messages or subscribe to destinations, resulting in an attacker subscribing to a...

6.5CVSS6.7AI score0.00353EPSS

Exploits0References5Affected Software1

vulnersOsv•added 2023/05/12 8:20 p.m.•1 views

cn.vertxup:zero-ifx-stomp (=0.9.0), cn.vertxup:zero-vie (=0.9.0) +3 more potentially affected by CVE-2023-32081 via io.vertx:vertx-stomp (>=4.0.0 <=4.4.1)

io.vertx:vertx-stomp MAVEN version =4.0.0, =2.0.0, =4.0.0, =4.0.0, =4.4.1 Source cves: CVE-2023-32081 Source advisory: OSV:GHSA-GVRQ-CG5R-7CHP...

Github Security Blog•added 2023/05/12 8:20 p.m.•21 views

Exploits0

Vert.x STOMP server process client frames that would not send initially a connect frame

Impact A Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a successful CONNECTED frame. The client can subscribe to a destination or publish message without prior authentication. Any Vert.x STOMP server configured with a...

Exploits0References4Affected Software1

vulnersOsv•added 2023/05/12 8:20 p.m.•3 views

com.nachinius:stomp-for-akka-streams_2.12 (=0.1.2), io.github.davidgregory084:vertices-stomp_2.12 (>=0.1.1 <=0.1.2) +9 more potentially affected by CVE-2023-32081 via io.vertx:vertx-stomp (>=3.1.0 <=3.9.15)

io.vertx:vertx-stomp MAVEN version =3.1.0, =0.1.1, =0.1.0, =3.4.0, =3.1.0, =3.1.0, =3.4.0, =3.9.1 Source cves: CVE-2023-32081 Source advisory: OSV:GHSA-GVRQ-CG5R-7CHP...

OSV•added 2023/05/12 8:20 p.m.•1 views

Exploits0

GHSA-GVRQ-CG5R-7CHP Vert.x STOMP server process client frames that would not send initially a connect frame

6.5CVSS6.6AI score0.00353EPSS

Exploits0References4

NVD•added 2023/05/12 2:15 p.m.•13 views

CVE-2023-32081

Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a...

Prion•added 2023/05/12 2:15 p.m.•20 views

Authentication flaw

6.4CVSS6.4AI score0.00353EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2023/05/12 1:49 p.m.•8 views

CVE-2023-32081 Vert.x STOMP server process client frames that would not send initially a connect frame

6.5CVSS6.8AI score0.00353EPSS

CVE•added 2023/05/12 1:49 p.m.•45 views

CVE-2023-32081

Vert.x STOMP server allows clients to subscribe/publish without prior authentication by accepting STOMP frames before a valid initial CONNECT frame. Affects Vert.x STOMP servers in versions 3.1.0–3.9.16 and 4.0.0–4.4.2; root cause is failure to validate the initial CONNECT frame before replying w...

Exploits0References2Affected Software1

OSV•added 2023/05/12 1:49 p.m.•17 views

CVE-2023-32081 Vert.x STOMP server process client frames that would not send initially a connect frame

Cvelist•added 2023/05/12 1:49 p.m.•14 views

Exploits0References4

CVE-2023-32081 Vert.x STOMP server process client frames that would not send initially a connect frame

6.5CVSS6.6AI score0.00353EPSS

CNNVD•added 2023/05/12 12:0 a.m.•2 views

vert.x-stomp 授权问题漏洞

vert.x-stomp is a STOMP client/server implementation of the Eclipse Vert.x open source. An authorization issue vulnerability exists in vert.x-stomp versions prior to 3.1.0 to 3.9.16 and 4.0.0 to 4.4.2, which stems from a client being able to subscribe to a destination or publish a message without...

Positive Technologies•added 2023/05/12 12:0 a.m.•3 views

Exploits0References3

PT-2023-23593 · Unknown · Vert.X Stomp

Name of the Vulnerable Software and Affected Versions: Vert.x STOMP versions 3.1.0 through 3.9.16 Vert.x STOMP versions 4.0.0 through 4.4.2 Description: The Vert.x STOMP server processes client STOMP frames without checking that the client sent an initial CONNECT frame replied with a successful...