CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1019 matches found

Snyk•added 2026/05/20 3:35 p.m.•4 views

User Interface (UI) Misrepresentation of Critical Information

Overview symfony/html-sanitizer is a Provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM. Affected versions of this package are vulnerable to User Interface UI Misrepresentation of Critical Information via UrlSanitizer::parse in the...

7.1CVSS5.8AI score

Exploits0References2

Cvelist•added 2026/04/02 2:1 p.m.•20 views

CVE-2026-26927 URL (HTTP Origin) call location spoofing in Szafir SDK Web

Szafir SDK Web is a browser plug-in that can run SzafirHost application which download the necessary files when launched. In Szafir SDK Web it is possible to change the URL HTTP Origin of the application call location. An unauthenticated attacker can craft a website that is able to launch...

5.1CVSS0.00016EPSS

Exploits0References2

Cvelist•added 2026/02/17 7:48 p.m.•22 views

CVE-2025-27900 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a...

6.8CVSS0.00039EPSS

Exploits0References1

Redos•added 2026/02/16 12:0 a.m.•3 views

ROS-20260216-73-0011

A vulnerability in the io.netty.handler.codec.http.HttpRequestEncoder component of the Netty networking tool is related to the failure to take measures to neutralize CRLF sequences when processing the HttpRequestEncoder parameter. Exploitation of the vulnerability could allow an attacker acting...

6.5CVSS5.6AI score0.00024EPSS

Exploits1

RedhatCVE•added 2026/01/09 10:55 a.m.•5 views

CVE-2022-38164

A vulnerability affecting F-Secure SAFE browser for Android and iOS was discovered. A maliciously crafted website could make a phishing attack with URL spoofing as the browser only display certain part of the entire URL...

6.5CVSS6.5AI score0.00372EPSS

Exploits0References1

Tenable Nessus•added 2025/11/20 12:0 a.m.•6 views

TencentOS Server 4: thunderbird (TSSA-2024:1046)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1046 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.8CVSS7.7AI score0.00944EPSS

Exploits0References11