CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

62 matches found

NVD•added 2026/05/27 8:16 p.m.•12 views

CVE-2026-8363

A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:...

9.8CVSS0.00056EPSS

Exploits0References1

CVE•added 2026/05/27 7:42 p.m.•10 views

CVE-2026-8362

CVE-2026-8362 describes a stack-based buffer overflow in WOSDefaultHttpModule.dll when processing long URL paths starting with /woshome. Affected software/component: WOSDefaultHttpModule.dll. Root cause: unbounded processing of long URL path leading to overflow. Impact is described as high confid...

9.8CVSS6.1AI score0.00056EPSS

Exploits0References1

CNNVD•added 2026/05/27 12:0 a.m.•3 views

Gladinet Triofox 安全漏洞

Gladinet Triofox is an enterprise file sharing and remote access platform developed by the American company Gladinet. There is a security vulnerability in Gladinet Triofox, which stems from a stack buffer overflow issue when processing long URL paths that start with “/resources”...

9.8CVSS6AI score0.00056EPSS

Exploits0References1

Positive Technologies•added 2026/05/21 12:0 a.m.•3 views

PT-2026-42558

Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.5.0 and earlier Description An Insecure Direct Object Reference IDOR, which occurs when an application provides direct access to objects based on user-supplied input, combined with a missing authentication gate allows...

6.3CVSS5.7AI score0.00089EPSS

Exploits0References3

RedhatCVE•added 2026/04/13 1:22 p.m.•1 views

CVE-2026-5226

The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient output escaping on user-supplied URL paths in the getcurrenturl function, which are inserted into...

6.1CVSS6AI score0.00155EPSS

Exploits0References1

ATTACKERKB•added 2026/04/11 1:24 a.m.•3 views

CVE-2026-5226

6.1CVSS6AI score0.00155EPSS

Exploits0References10

Positive Technologies•added 2026/04/11 12:0 a.m.•3 views

PT-2026-32092

6.1CVSS6AI score0.00155EPSS

Exploits0References10

CNNVD•added 2026/01/27 12:0 a.m.•1 views

TP-Link Tapo C220 and TP-Link Tapo C520WS have security vulnerabilities

Both the TP-Link Tapo C220 and TP-Link Tapo C520WS are WiFi cameras produced by the Chinese company TP-Link. There are security vulnerabilities in the TP-Link Tapo C220 v1 version and the TP-Link Tapo C520WS v2 version. These vulnerabilities stem from the HTTP parser’s improper handling of reques...

7.5CVSS5.8AI score0.0029EPSS

Exploits0References6

CNNVD•added 2026/01/15 12:0 a.m.•1 views

Keycloak input validation error vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a vulnerability related to input validation. This vulnerability arises from improper input validation, as it accepts RFC-compliant matrix parameters from URL path segments. This could all...

3.7CVSS5.8AI score0.00015EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2010-3024

Malware in sbrugna...

2.6CVSS6.4AI score0.00359EPSS

Exploits0References8

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-0062

Malware in sbrugna...

7.5CVSS7.3AI score0.0012EPSS

Exploits0References21

RedhatCVE•added 2025/10/06 9:5 p.m.•4 views

CVE-2025-54292

Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths...

4.8CVSS6.8AI score0.00037EPSS

Exploits1References1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-3520

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.00209EPSS

Exploits0References9

OSV•added 2025/10/02 10:15 a.m.•3 views

DEBIAN-CVE-2025-54292

4.8CVSS6.9AI score0.00037EPSS

Exploits1References1

NVD•added 2025/03/20 10:15 a.m.•4 views

CVE-2024-6844

A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquoteplus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path...

5.3CVSS0.0011EPSS

Exploits1References2

CISA KEV Catalog•added 2025/03/03 12:0 a.m.•21 views

Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability

Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization...

9.8CVSS6.8AI score0.93254EPSS

In wildExploits6

Redos•added 2024/11/21 12:0 a.m.•13 views

ROS-20241121-06

A vulnerability in the Consul service configuration tool is related to the use of URL paths in L7 traffic. Exploitation of the vulnerability could allow an attacker acting remotely to bypass access rules based on HTTP request paths. HTTP request paths The vulnerability in the Consul service...

8.1CVSS5.9AI score0.01462EPSS

Exploits0

OSV•added 2024/10/31 12:30 a.m.•13 views

GHSA-CHGM-7R52-WHJJ Hashicorp Consul Path Traversal vulnerability

A vulnerability was identified in Consul and Consul Enterprise "Consul" such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...

8.6CVSS6.5AI score0.00199EPSS

Exploits0References7

NVD•added 2024/10/30 10:15 p.m.•20 views

CVE-2024-10005

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...

8.1CVSS0.00199EPSS

Exploits0References2

OSV•added 2024/10/30 10:15 p.m.•1 views

DEBIAN-CVE-2024-10005

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...

5.8CVSS7.6AI score0.00199EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by