191 matches found

AlmaLinux
added 2025/05/13 12:0 a.m. | 3 views

Moderate: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

6.3 CVSS | 6.8 AI score | 0.01639 EPSS
Exploits: 0 | References: 4
OSV
added 2025/04/16 5:15 p.m. | 2 views

CVE-2025-20236

A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient inpu...

8.8 CVSS | 6.1 AI score
Exploits: 0 | References: 1
OSV
added 2025/04/14 11:35 a.m. | 37 views

BIT-PYTHON-2025-0938 URL parser allowed square brackets in domain names

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

6.3 CVSS | 5.8 AI score | 0.01639 EPSS
Exploits: 0 | References: 12
Amazon
added 2025/03/26 12:0 a.m. | 3 views

Medium: python3.9

Issue Overview: The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could...

6.3 CVSS | 7.7 AI score | 0.01639 EPSS
Exploits: 0
Amazon
added 2025/02/25 12:0 a.m. | 24 views

Medium: python3

Issue Overview: The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. CVE-2024-11168 There ...

7.5 CVSS | 7.1 AI score | 0.00883 EPSS
Exploits: 1
RedhatCVE
added 2025/01/31 8:59 p.m. | 13 views

CVE-2025-0938

A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs...

6.8 CVSS | 6 AI score | 0.01639 EPSS
Exploits: 0 | References: 5
NVD
added 2025/01/31 6:15 p.m. | 14 views

CVE-2025-0938

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

6.3 CVSS | 0.01639 EPSS
Exploits: 0 | References: 11
Debian CVE
added 2025/01/31 5:51 p.m. | 151 views

CVE-2025-0938

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

6.3 CVSS | 6.4 AI score | 0.01639 EPSS
Exploits: 0
Vulnrichment
added 2025/01/31 5:51 p.m. | 6 views

CVE-2025-0938 URL parser allowed square brackets in domain names

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

6.3 CVSS | 6.5 AI score | 0.01639 EPSS
Exploits: 0 | References: 9
Cvelist
added 2025/01/31 5:51 p.m. | 15 views

CVE-2025-0938 URL parser allowed square brackets in domain names

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

6.3 CVSS | 0.01639 EPSS
Exploits: 0 | References: 9
F5 Networks
added 2024/11/20 9:7 p.m. | 18 views

K000148643: Curl vulnerability CVE-2022-27780

Security Advisory Description: The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a different URL using the wrong host name when it is later retrieved. For example, a URL like http://example.com%2F127.0.0.1/, would be allow...

7.5 CVSS | 6.6 AI score | 0.00185 EPSS
Exploits: 1
RedhatCVE
added 2024/11/12 11:5 p.m. | 18 views

CVE-2024-11168

A flaw was found in Python. The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is...

3.7 CVSS | 9.2 AI score | 0.00552 EPSS
Exploits: 0 | References: 8
OSV
added 2024/11/12 9:22 p.m. | 15 views

PSF-2024-13

The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...

6.3 CVSS | 6.4 AI score | 0.00552 EPSS
Exploits: 0 | References: 7
Vulnrichment
added 2024/11/12 9:22 p.m. | 12 views

CVE-2024-11168 Improper validation of IPv6 and IPvFuture addresses

The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...

6.3 CVSS | 6.8 AI score | 0.00552 EPSS
Exploits: 0 | References: 7
Debian CVE
added 2024/11/12 9:22 p.m. | 18 views

CVE-2024-11168

The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...

6.3 CVSS | 6.4 AI score | 0.00552 EPSS
Exploits: 0
Positive Technologies
added 2024/05/28 12:0 a.m. | 2 views

PT-2024-4148 · Apache · Apache Directory Ldap Api

Name of the Vulnerable Software and Affected Versions: Apache Directory LDAP API (affected versions not specified). Description: The issue is related to a lack of control over user-input data in the LDAP URL parser component. This can be exploited by a remote attacker to cause a denial of service...

7.8 CVSS | 7.1 AI score
Exploits: 0 | References: 3
Veracode
added 2024/05/10 3:50 p.m. | 19 views

Regular Expression Denial Of Service (ReDoS)

s3-url-parser is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to a regex with inefficient complexity, allowing an attacker to craft long S3 URLs that trigger excessive resource consumption, leading to denial of service...

7.5 CVSS | 6.9 AI score | 0.00188 EPSS
Exploits: 0
vulnersOsv
added 2024/05/01 9:30 p.m. | 1 views

@alezanai/torquator (>=1.0.0 <=1.5.0), singwareplayercreator (=1.1.0) potentially affected by CVE-2024-25355 via s3-url-parser (=1.0.3)

s3-url-parser NPM version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on s3-url-parser and may be impacted: - @alezanai/torquator =1.0.0, =1.5.0 - singwareplayercreator =1.1.0 Source cves: CVE-2024-25355 Source advisory: OSV:GHSA-R4Q9-XX5G-J24P...

7.5 CVSS | 7.1 AI score | 0.00188 EPSS
Exploits: 0
Github Security Blog
added 2024/05/01 9:30 p.m. | 11 views

s3-url-parser vulnerable to Denial of Service via regexes component

s3-url-parser 1.0.3 is vulnerable to denial of service via the regexes component...

7.5 CVSS | 6.9 AI score | 0.00188 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2024/05/01 7:15 p.m. | 5 views

CVE-2024-25355

s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes component...

7.5 CVSS | 6.5 AI score | 0.00188 EPSS
Exploits: 0 | References: 1