CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

116 matches found

Github Security Blog•added 2026/06/16 7:4 p.m.•17 views

Deno: WebSocket API sandbox bypass via missing post-DNS check

Summary When a WebSocket connection was opened, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially crafted domain name that passes the hostname check yet resolves to a...

5.2CVSS5.4AI score0.00012EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/05/22 12:0 a.m.•7 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from an authorization bypass. If any type of callback other than a public key is passed,...

10CVSS5.8AI score0.00385EPSS

Exploits0References4

CNNVD•added 2026/05/12 12:0 a.m.•5 views

dssrf 安全漏洞

DSSRF is a URL and network verification library developed by RelunSec’s individual developers, designed for defending against SSRF vulnerabilities. Versions of DSSRF prior to 1.3.0 contained security vulnerabilities, which stemmed from the ability to bypass the isurlsafe check for each IPv6...

8.7CVSS5.8AI score0.00349EPSS

Exploits0References2

NVD•added 2026/05/07 8:16 p.m.•9 views

CVE-2026-8142

VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates...

6.5CVSS0.00115EPSS

Exploits0References2

ATTACKERKB•added 2026/05/07 7:54 p.m.•6 views

CVE-2026-8142

6.5CVSS5.8AI score0.00115EPSS

Exploits0References3

CNNVD•added 2026/04/18 12:0 a.m.•6 views

NovumOS 安全漏洞

NovumOS is an 32-bit protected mode operating system developed by MinecAnton209. Versions of NovumOS prior to 0.24 contained security vulnerabilities; these vulnerabilities stemmed from Syscall 12 not verifying the entry address provided by the user space, which could lead to local privilege...

9.3CVSS5.8AI score0.00225EPSS

Exploits1References2

CNNVD•added 2026/04/06 12:0 a.m.•6 views

Directus 代码问题漏洞

Directus is an open-source real-time API and application dashboard developed by Directus. It is used to manage SQL database content. Versions of Directus prior to 11.16.0 have code vulnerabilities; these vulnerabilities stem from the IP address verification mechanism, which can be bypassed by IPv...

7.7CVSS5.9AI score0.00336EPSS

Exploits0References2

Tenable Nessus•added 2026/03/23 12:0 a.m.•3 views

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2025-38111)

In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via mdiobus, there is no verification of parameters passed ...

7.1CVSS6.2AI score0.00179EPSS

Exploits0References2

CNNVD•added 2026/01/28 12:0 a.m.•5 views

OpenProject data falsification vulnerability

OpenProject is an open-source web-based project management software. In versions 17.0.0 to 17.0.2 of OpenProject, there was a data manipulation vulnerability. This vulnerability stemmed from the fact that the synchronization server did not correctly verify the backend URL, which could lead to the...

9CVSS5.7AI score0.00159EPSS

Exploits0References2

Tenable Nessus•added 2026/01/22 12:0 a.m.•3 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-38111)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38111 advisory. - In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of- bound...

7.1CVSS5.4AI score0.00179EPSS

Exploits0References2

Tenable Nessus•added 2026/01/22 12:0 a.m.•6 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-38110)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38110 advisory. - In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of- bound...

7.1CVSS5.4AI score0.00161EPSS

Exploits0References2

Tenable Nessus•added 2026/01/20 12:0 a.m.•5 views

MiracleLinux 8 : nodejs:14 (AXSA:2022-3839:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3839:01 advisory. nodejs: DNS rebinding in --inspect via invalid IP addresses CVE-2022-32212 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding...

8.1CVSS8.4AI score0.77278EPSS

Exploits3References6

Tenable Nessus•added 2026/01/16 12:0 a.m.•5 views

Fedora 42 : foomuuri (2026-63f333201f)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-63f333201f advisory. Upstream update to v0.31 with fixes to CVE-2025-67603 and CVE-2025-67858. CVE-2025-67603: Add PolicyKit authorization to D-Bus methods...

7CVSS5.6AI score0.00171EPSS

Exploits0References3

AstraLinux•added 2025/11/01 10:54 a.m.•6 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fixed potential out-of-bounds read/write access. When using publicly available tools like ‘mdio-tools’ to read/write data from/to network interfaces via mdiobus, there is no verification of the parameters passed to t...

7.1CVSS6.2AI score0.00179EPSS

Exploits0References4