CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

Cvelist•added 2026/05/20 4:39 a.m.•40 views

CVE-2026-9057 Security fix for Qlik Talend Administration Center URL access control vulnerability

A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio update URL. This issue was resolved in a patch, which is already available...

8.2CVSS0.00032EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-1207

Malware in sbrugna...

5.8CVSS6.2AI score0.00383EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-4645

Malicious code in bioql PyPI...

8.6CVSS6.6AI score0.00044EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 12:15 a.m.•6 views

CVE-2022-44875

KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code...

5.4CVSS6.8AI score0.01705EPSS

Exploits1References1

CISA KEV Catalog•added 2022/01/18 12:0 a.m.•20 views

F5 BIG-IP Traffic Management Microkernel Buffer Overflow

The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls...

9.8CVSS4AI score0.73095EPSS

In wildExploits3

PyPA•added 2021/12/08 12:15 a.m.•4 views

PYSEC-2021-439

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths...

7.5CVSS6.9AI score0.00131EPSS

Exploits0References5Affected Software1

Prion•added 2021/05/28 9:15 p.m.•29 views

Path traversal

Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences %2F and %5C in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. /something%2F..%2Fadmin, to bypass access control, e.g. a block on /admin. A...

7.5CVSS8.2AI score0.10452EPSS

Exploits0References1Affected Software1

NVD•added 2021/03/31 6:15 p.m.•23 views

CVE-2021-22991

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel TMM URI normalization, which may trigger a buffer...

9.8CVSS0.73095EPSS

Exploits3References2

OSV•added 2018/07/16 5:29 p.m.•1 views

CVE-2018-0384

A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a URL-based access control policy that is configured to block traffic for an affected system. The vulnerability exists because the affected software incorrectly...

5.8CVSS5.8AI score0.00383EPSS

Exploits0References3

OSV•added 2008/10/03 5:41 p.m.•6 views

CVE-2008-4359

lighttpd before 1.4.20 compares URIs to patterns in the 1 url.redirect and 2 url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data...

6.4AI score

Exploits0References29

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by