CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

286 matches found

Debian CVE•added 2016/02/16 2:0 a.m.•26 views

CVE-2015-7580

Cross-site scripting XSS vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node...

6.1CVSS5.6AI score0.00163EPSS

CVE•added 2016/02/16 2:0 a.m.•82 views

CVE-2015-7580

The CVE-2015-7580 entry describes an XSS vulnerability in the rails-html-sanitizer gem prior to 1.0.3 used with Ruby on Rails 4.2.x and 5.x. The issue arises in lib/rails/html/scrubbers.rb where a crafted CDATA node can inject arbitrary script/HTML. Affected component: rails-html-sanitizer (Ruby ...

6.1CVSS5.4AI score0.00163EPSS

Exploits0References7Affected Software1

RedHat Linux•added 2014/07/01 3:3 p.m.•1 views

httpd: mod_dav denial of service via crafted DAV WRITE request

The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service daemon crash via a crafted DAV WRITE request...

5CVSS6.8AI score0.39561EPSS

Exploits2References4

RedHat Linux•added 2014/06/23 5:52 p.m.•3 views

httpd: mod_dav denial of service via crafted DAV WRITE request

The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service daemon crash via a crafted DAV WRITE request...

5CVSS6.8AI score0.39561EPSS

Exploits2References4

RedHat Linux•added 2014/06/23 5:52 p.m.•4 views

httpd: mod_dav denial of service via crafted DAV WRITE request

The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service daemon crash via a crafted DAV WRITE request...

5CVSS6.8AI score0.39561EPSS

Exploits2References4

RedHat Linux•added 2014/04/03 8:59 p.m.•0 views

httpd: mod_dav denial of service via crafted DAV WRITE request

The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service daemon crash via a crafted DAV WRITE request...

5CVSS6.8AI score0.39561EPSS

Exploits2References4

RedHat Linux•added 2014/04/03 8:59 p.m.•0 views

httpd: mod_dav denial of service via crafted DAV WRITE request

The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service daemon crash via a crafted DAV WRITE request...

5CVSS6.8AI score0.39561EPSS

Exploits2References4

Tenable Nessus•added 2014/03/24 12:0 a.m.•49 views

FreeBSD : apache -- several vulnerabilities (91ecb546-b1e6-11e3-980f-20cf30e32f6d)

Apache HTTP SERVER PROJECT reports : Clean up cookie logging with fewer redundant string parsing passes. Log only cookies with a value assignment. Prevents segfaults when logging truncated cookies. moddav: Keep track of length of cdata properly when removing leading spaces. Eliminates a potential...

5CVSS7.1AI score0.50788EPSS

Exploits2References3

OSV•added 2014/03/18 5:18 a.m.•1 views

DEBIAN-CVE-2013-6438

The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service daemon crash via a crafted DAV WRITE request...

5CVSS8.8AI score0.39561EPSS

Exploits2References1

NVD•added 2014/03/18 5:18 a.m.•22 views

CVE-2013-6438

The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service daemon crash via a crafted DAV WRITE request...

5CVSS6.8AI score0.39561EPSS

Exploits2References48

OSV•added 2013/11/18 2:55 a.m.•1 views

DEBIAN-CVE-2013-2031

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting XSS attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox...

4.3CVSS6.1AI score0.01605EPSS

Exploits0References1

Zero Day Initiative•added 2013/02/14 12:0 a.m.•27 views

Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8CVSS2.7AI score0.41063EPSS

Exploits0References1

NVD•added 2011/04/11 6:55 p.m.•12 views

CVE-2009-5065

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas...

4.3CVSS5.4AI score0.07165EPSS

Exploits1References8

OSV•added 2011/04/11 6:55 p.m.•2 views

DEBIAN-CVE-2009-5065

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas...

4.3CVSS6AI score0.07165EPSS

Exploits1References1

OSV•added 2011/04/11 6:55 p.m.•5 views

CVE-2009-5065

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas...

4.3CVSS5.4AI score0.07165EPSS

Exploits1References11

PyPA•added 2011/04/11 6:55 p.m.•5 views

PYSEC-2011-18

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas...

4.3CVSS6AI score0.07165EPSS

Exploits1References9Affected Software1

Prion•added 2011/04/11 6:55 p.m.•13 views

Cross site scripting

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas...

4.3CVSS5.7AI score0.07165EPSS

Exploits1References8Affected Software1

ATTACKERKB•added 2011/04/11 6:55 p.m.•3 views

CVE-2009-5065

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas...

4.3CVSS5.7AI score0.07165EPSS

Exploits1References9

UbuntuCve•added 2011/04/11 6:55 p.m.•20 views

CVE-2009-5065

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas...

4.3CVSS6AI score0.07165EPSS

Exploits1References1

Debian CVE•added 2011/04/11 6:0 p.m.•17 views

CVE-2009-5065

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas...

4.3CVSS5.4AI score0.07165EPSS

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by