Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

239 matches found

Snyk
Snykadded 2026/05/01 11:24 a.m.0 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the PolicyReference API when fetching remote policy references. An attacker can access internal resources or arbitrary protocols by supplying a crafted URI. Remediation Upgrade org.apache.neethi:neet...

7.2CVSS6AI score0.00045EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2026/01/20 12:0 a.m.6 views

MiracleLinux 7 : httpd-2.4.6-97.1.0.1.el7.AXS7 (AXSA:2021-2480:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2480:01 advisory. httpd: modproxy: SSRF via a crafted request uri-path containing unix: CVE-2021-40438 Tenable has extracted the preceding description block directly from the...

9CVSS8.2AI score0.94432EPSS
Exploits5References2
OSV
OSVadded 2026/01/15 9:31 p.m.1 views

GHSA-CPHF-4846-3XX9 Vert.x Web static handler component cache can be manipulated to deny the access to static files

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

6.9CVSS5.8AI score0.00025EPSS
Exploits1References7
OSV
OSVadded 2026/01/15 9:16 p.m.3 views

CVE-2026-1002

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

5.3CVSS5.8AI score
Exploits0References2
Cvelist
Cvelistadded 2026/01/15 8:50 p.m.16 views

CVE-2026-1002 Eclipse Vert.x Web static handler file access denial

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

6.9CVSS0.00025EPSS
Exploits1References1
CVE
CVEadded 2026/01/15 8:50 p.m.13 views

CVE-2026-1002

CVE-2026-1002 affects the Vert.x Web static handler cache. The issue stems from an improper implementation of the RFC3986 C-rule (section 5.2.4), enabling an attacker to craft a URI (e.g., bar%2F..%2F) that can cause denial of access to static files served by the handler. Connected evidence indic...

6.9CVSS6.4AI score0.00025EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/01/15 8:50 p.m.3 views

CVE-2026-1002 Eclipse Vert.x Web static handler file access denial

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

6.9CVSS6.4AI score0.00025EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2026/01/15 12:0 a.m.5 views

PT-2026-3133

Name of the Vulnerable Software and Affected Versions Vert.x versions affected versions not specified Description The Vert.x Web static handler component cache can be manipulated to deny access to static files served by the handler using specifically crafted request URIs. This is due to an improp...

6.9CVSS5.9AI score0.00025EPSS
Exploits1References13
RedhatCVE
RedhatCVEadded 2026/01/09 12:17 p.m.4 views

CVE-2018-10082

CMS Made Simple CMSMS through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or...

5.3CVSS6.7AI score0.00289EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/01/09 11:20 a.m.0 views

CVE-2021-22984

On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM...

6.1CVSS6.9AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/01/09 8:33 a.m.2 views

CVE-2024-39904

VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...

8.8CVSS7.5AI score0.00227EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/01/05 12:0 a.m.1 views

PT-2026-1337

Name of the Vulnerable Software and Affected Versions Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 Description The software contains a regular expression denial of service ReDoS issue within the UriTemplate class when handling RFC 6570 exploded array patterns. The dynamicall...

8.7CVSS5.3AI score0.00038EPSS
Exploits1References12
Snyk
Snykadded 2026/01/01 10:39 p.m.1 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the FetchTheme function. An authenticated attacker can access internal resources or services by supplying crafted input to the uri argument. Remediation There is no fixed version for...

5.8CVSS5AI score0.00036EPSS
Exploits0References2
SUSE CVE
SUSE CVEadded 2025/12/20 12:46 a.m.21 views

SUSE CVE-2025-14946

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell SSH process,...

7.1CVSS7.5AI score0.00016EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2025/12/19 1:1 p.m.1 views

CVE-2025-14946

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell SSH process,...

4.8CVSS7.3AI score0.00016EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2015-9102

Malware in sbrugna...

5.4CVSS5.6AI score0.00249EPSS
Exploits1References5
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2013-0727

Malware in sbrugna...

5CVSS6.3AI score0.00676EPSS
Exploits0References5
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2018-2164

Malware in sbrugna...

5.3CVSS5.5AI score0.00289EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2017-17265

Malware in sbrugna...

6.1CVSS6.3AI score0.00328EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2008-5797

Malware in sbrugna...

7.5CVSS6.4AI score0.01957EPSS
Exploits0References6
Rows per page
Query Builder