CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3971 matches found

OSV•added 2026/03/12 8:16 p.m.•1 views

UBUNTU-CVE-2026-1525

Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: Applications...

9.8CVSS5.8AI score0.00019EPSS

Exploits0References2

ATTACKERKB•added 2026/03/12 7:56 p.m.•5 views

CVE-2026-1525

6.5CVSS5.8AI score0.00019EPSS

Exploits0References6

Debian CVE•added 2026/03/12 7:56 p.m.•5 views

CVE-2026-1525

9.8CVSS7.2AI score0.00019EPSS

Exploits0

Cvelist•added 2026/03/12 7:56 p.m.•21 views

CVE-2026-1525 undici is vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

6.5CVSS0.00019EPSS

Exploits0References5

Positive Technologies•added 2026/03/12 12:0 a.m.•1 views

PT-2026-25064

Name of the Vulnerable Software and Affected Versions Undici versions prior to 7.24.0 and prior to 6.24.0 Description Undici is susceptible to inconsistent interpretation of HTTP requests, specifically HTTP Request/Response Smuggling. The issue arises when duplicate HTTP Content-Length headers ar...

9.8CVSS7.1AI score0.00175EPSS

Exploits22References160

Vulnrichment•added 2026/03/11 6:23 p.m.•2 views

CVE-2019-25486 Varient 1.6.1 SQL Injection via user_id Parameter

Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit POST requests with crafted SQL payloads in the userid field to bypass authentication and extract...

8.8CVSS5.9AI score0.00384EPSS

Exploits0References3

CNNVD•added 2026/03/11 12:0 a.m.•3 views

Varient SQL注入漏洞

Varient is a news magazine software developed by Varient Corporation. Version 1.6.1 of Varient contains an SQL injection vulnerability. This vulnerability stems from the userid parameter, which allows for SQL injections. It may allow unverified attackers to manipulate database queries and extract...

8.8CVSS5.9AI score0.00384EPSS

Exploits0References3

NVD•added 2026/03/10 8:16 p.m.•2 views

CVE-2026-29175

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any...

8.6CVSS0.00014EPSS

Exploits1References2

EUVD•added 2026/03/10 7:59 p.m.•1 views

EUVD-2026-10821

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an...

4.8CVSS6AI score0.0001EPSS

Exploits0References2

ATTACKERKB•added 2026/03/10 7:59 p.m.•1 views

CVE-2026-29176

4.8CVSS6AI score0.0001EPSS

Exploits0References3Affected Software1

OSV•added 2026/03/10 7:59 p.m.•4 views

CVE-2026-29176 Craft Commerce has Stored XSS in Inventory Location Name

4.8CVSS6AI score0.0001EPSS

Exploits0References4

CVE•added 2026/03/10 7:59 p.m.•5 views

CVE-2026-29176

CVE-2026-29176 affects Craft Commerce (Craft CMS). A stored XSS exists in the Commerce Settings – Inventory Locations page where the Name field is not properly HTML-escaped. The vulnerability is triggered when an administrator (or a user with product-editing permissions) creates or edits a varian...

4.8CVSS6AI score0.0001EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2026/03/10 7:57 p.m.•2 views

CVE-2026-29175

8.6CVSS6AI score0.00014EPSS

Exploits1References3Affected Software1

EUVD•added 2026/03/10 7:57 p.m.•3 views

EUVD-2026-10819

8.6CVSS6AI score0.00014EPSS

Exploits1References2

Vulnrichment•added 2026/03/10 7:57 p.m.•2 views

CVE-2026-29175 Multiple Stored XSS in Commerce Inventory Page Leading to Session Hijacking

8.6CVSS6AI score0.00014EPSS

Exploits1References2

Github Security Blog•added 2026/03/10 6:23 p.m.•7 views

Craft Commerce has multiple Stored XSS in Commerce Inventory Page, Leading to Session Hijacking

Summary Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any user including administrators views the inventory management...

8.6CVSS6AI score0.00014EPSS

Exploits1References4Affected Software1

OSV•added 2026/03/10 6:23 p.m.•4 views

GHSA-CFPV-RMPF-F624 Craft Commerce has multiple Stored XSS in Commerce Inventory Page, Leading to Session Hijacking

8.6CVSS6AI score0.00014EPSS

Exploits1References4

Positive Technologies•added 2026/03/10 12:0 a.m.•3 views

PT-2026-24417

8.6CVSS6AI score0.00014EPSS

Exploits1References3

Positive Technologies•added 2026/03/10 12:0 a.m.•1 views

PT-2026-24624

8.6CVSS6AI score

Exploits0References4

Positive Technologies•added 2026/03/10 12:0 a.m.•1 views

PT-2026-24640

Summary A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an administrator or user with product editing permissions creates or...

4.8CVSS6AI score

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by