CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1097 matches found

Nuclei•added 2026/05/25 4:37 a.m.•58 views

Openfire Administration Console - Authentication Bypass

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...

8.6CVSS7.3AI score0.94441EPSS

Exploits14References5

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в twisted

In words.protocols.jabber.xmlstream in Twisted through version 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to intercept connections...

7.4CVSS6.9AI score0.00841EPSS

Exploits0References2

Tenable Nessus•added 2026/05/01 12:0 a.m.•5 views

Wireshark 2.2.x < 2.2.12 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.2.12. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.2.12 advisory. - In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could...

7.5CVSS6.9AI score0.01011EPSS

Exploits0References13

FreeBSD•added 2026/04/20 12:0 a.m.•2 views

ejabberd -- Potential DDoS in XML Parser

ejabberd team reports: This release adds new options that limit max memory used by XML parser used to process XMPP payloads, to prevent potential Denial of Service attack. The default values for pre-auth provide sufficient protection for ejabberd against non-authenticated users on c2s and s2s, so...

5.8AI score

Exploits0References1

RedhatCVE•added 2026/01/09 12:41 p.m.•6 views

CVE-2023-25356

CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leverage...

8.8CVSS7.2AI score0.17483EPSS

Exploits3References1

RedhatCVE•added 2026/01/09 9:33 a.m.•5 views

CVE-2024-39094

Friendica 2024.03 is vulnerable to Cross Site Scripting XSS in settings/profile via the homepage, xmpp, and matrix parameters...

5.4CVSS6.1AI score0.00355EPSS

Exploits1References1