CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

152 matches found

Positive Technologies•added 2026/05/07 12:0 a.m.•6 views

PT-2026-38625

Name of the Vulnerable Software and Affected Versions python-utcp versions prior to 1.1.3 Description The utcp-http plugin is subject to a blind Server-Side Request Forgery SSRF, a flaw where an attacker can induce the server to make requests to an unintended location. This occurs due to a...

4.7CVSS5.8AI score0.00009EPSS

Exploits0References7

Tenable Nessus•added 2026/04/13 12:0 a.m.•6 views

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2026-1583)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1583 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email message...

7CVSS6.8AI score0.00205EPSS

Exploits0References18

RedhatCVE•added 2026/03/26 3:7 p.m.•1 views

CVE-2026-4528

A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/httpproxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. Remote exploitation ...

7.5CVSS6.7AI score0.00057EPSS

Exploits0References1

EUVD•added 2026/03/22 12:30 a.m.•1 views

EUVD-2026-14258

7.5CVSS5.4AI score0.00057EPSS

Exploits0References5

Vulnrichment•added 2026/03/21 10:2 p.m.•2 views

CVE-2026-4528 trueleaf ApiFlow URL Validation http_proxy.service.ts validateUrlSecurity server-side request forgery

7.5CVSS5.4AI score0.00057EPSS

Exploits0References4

Packet Storm News•added 2026/01/14 12:0 a.m.•4 views

Private Links, Public Leaks: Consequences of Frictionless User Experience on the Security and Privacy Posture of SMS-Delivered URLs

Digital service providers often prioritize a frictionless user experience by adopting technologies that simplify access to their services. One widely used mechanism is the Short Message Service SMS to deliver links URLs that enable single-click access to online services with little to no...

7.1AI score

Exploits0

OSV•added 2025/12/01 10:35 p.m.•7 views

CVE-2025-66412 Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting XSS vulnerability has been identified in the Angular Template Compiler. It occurs because the...

8.5CVSS5.7AI score0.00027EPSS

Exploits1References4

Positive Technologies•added 2025/12/01 12:0 a.m.•7 views

PT-2025-48578

Name of the Vulnerable Software and Affected Versions Angular versions prior to 21.0.2 Angular versions prior to 20.3.15 Angular versions prior to 19.2.17 Description A Stored Cross-Site Scripting XSS issue exists in the Angular Template Compiler due to an incomplete internal security schema. Thi...

9CVSS5.4AI score0.00027EPSS

Exploits1References19

EUVD•added 2025/10/30 6:31 p.m.•3 views

EUVD-2025-37041

By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions is vulnerable to DNS rebinding attacks, which allow...

6.9CVSS6.5AI score0.00045EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2009-3149

Malware in sbrugna...

5CVSS6.1AI score0.00357EPSS

Exploits1References7

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-4780

Malware in sbrugna...

6.5CVSS6.4AI score0.00961EPSS

Exploits0References2