CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3975 matches found

OSV•added 2025/04/13 7:15 p.m.•1 views

CVE-2025-3538

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function authasp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. The attack needs to be approached within th...

8.7CVSS7.5AI score0.09383EPSS

Exploits1References5

Hacker One•added 2025/04/08 8:42 p.m.•707 views

Node.js: Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo<Value>& args) when args[0] is a string.

In Node.js, the ReadFileUtf8 internal binding was found to have a memory leak due to a corrupted pointer in uvfss.file. A UTF-16 path buffer was allocated and subsequently overwritten when the file descriptor was set, leading to an unrecoverable memory leak on every call...

3.7CVSS6.9AI score0.0056EPSS

Exploits0

Github Security Blog•added 2025/04/07 4:54 p.m.•23 views

LNbits Lightning Network Payment System Vulnerable to Server-Side Request Forgery via LNURL Authentication Callback

Server-Side Request Forgery via LNURL Authentication Callback in LNbits Lightning Network Payment System Disclaimer This vulnerability was detected using XBOW, a system that autonomously finds and exploits potential security vulnerabilities. The finding has been thoroughly reviewed and validated ...

9.3CVSS7AI score0.00087EPSS

Exploits2References4Affected Software1

NVD•added 2025/04/06 8:15 p.m.•18 views

CVE-2025-32013

LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery SSRF vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...

9.3CVSS0.00087EPSS

Exploits2References1

PyPA•added 2025/04/06 8:15 p.m.•5 views

PYSEC-2025-16

9.3CVSS7.2AI score0.00087EPSS

Exploits2References2Affected Software1

OSV•added 2025/04/06 8:7 p.m.•16 views

CVE-2025-32013 Server-Side Request Forgery via LNURL Authentication Callback in LNbits Lightning Network Payment System

9.3CVSS6.8AI score0.00087EPSS

Exploits2References3

CVE•added 2025/04/06 8:7 p.m.•71 views

CVE-2025-32013

CVE-2025-32013 affects LNbits LNURL authentication handling. The SSRF occurs when the server processes a callback URL: it issues an HTTP request to the provided URL with redirects enabled via httpx and does not adequately validate the callback, enabling an attacker to target internal network addr...

9.3CVSS6.8AI score0.00087EPSS

Exploits2References1Affected Software1

Positive Technologies•added 2025/04/06 12:0 a.m.•2 views

PT-2025-15123 · Lnbits +1 · Lnbits +1

Name of the Vulnerable Software and Affected Versions: LNbits affected versions not specified Description: A Server-Side Request Forgery SSRF issue has been found in LNbits' LNURL authentication handling functionality. This occurs because the application does not properly validate the callback UR...

9.3CVSS6.2AI score0.00087EPSS

Exploits2References17

SUSE Linux•added 2025/04/04 1:30 p.m.•3 views

Security update for google-guest-agent

This update for google-guest-agent fixes the following issues: CVE-2024-45337: golang.org/x/crypto/ssh: Fixed misuse of ServerConfig.PublicKeyCallback leading to authorization bypass bsc1234563. Other fixes: - Updated to version 20250327.01 bsc1239763, bsc1239866 Remove error messages from...

8.1CVSS7.3AI score0.3863EPSS

Exploits2References8

SUSE CVE•added 2025/04/04 2:58 a.m.•6 views

SUSE CVE-2025-21995

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix fence reference count leak The lastscheduled fence leaks when an entity is being killed and adding the cleanup callback fails. Decrement the reference count of prev when dmafenceaddcallback fails, ensuring proper...

5.5CVSS7.8AI score0.00026EPSS

Exploits0References15

NVD•added 2025/04/03 8:15 a.m.•16 views

CVE-2025-22006

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: Fix NAPI registration sequence Registering the interrupts for TX or RX DMA Channels prior to registering their respective NAPI callbacks can result in a NULL pointer dereference. This is seen in...

5.5CVSS0.00069EPSS

Exploits0References3

OSV•added 2025/04/03 8:15 a.m.•2 views

AZL-59751 CVE-2025-22007 affecting package kernel for versions less than 5.15.180.1-1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix error code in chanallocskbcb The chanallocskbcb function is supposed to return error pointers on error. Returning NULL will lead to a NULL dereference...

5.5CVSS6.4AI score0.00022EPSS

Exploits0References1

OSV•added 2025/04/03 8:15 a.m.•5 views

AZL-60264 CVE-2025-21995 affecting package kernel for versions less than 6.6.85.1-2

5.5CVSS5.6AI score0.00026EPSS

Exploits0References1

OSV•added 2025/04/03 8:15 a.m.•1 views

DEBIAN-CVE-2025-21995

5.5CVSS5.6AI score0.00026EPSS

Exploits0References1

OSV•added 2025/04/03 8:15 a.m.•1 views

UBUNTU-CVE-2025-21995

5.5CVSS6.2AI score0.00026EPSS

Exploits0References25

CVE•added 2025/04/03 7:18 a.m.•118 views

CVE-2025-21995

The CVE-2025-21995 entry documents a Linux kernel vulnerability in drm/sched related to a fence reference count leak. The root cause is a leak of the last_scheduled fence when an entity is killed and adding a cleanup callback fails; the fix decrements the prev fence reference count when dma_fence...

5.5CVSS7.3AI score0.00026EPSS

Exploits0References4Affected Software1