Lucene search

21 matches found

GithubExploit
added 2026/05/27 5:49 a.m. | 105 views

Exploit for CVE-2026-5172

CVE20265172poc CVE-2026-5172: buffer overflow in extractaddre...

7.3 CVSS | 6 AI score | 0.00933 EPSS
Exploits 1

CVE
added 2026/05/08 3:36 p.m. | 11 views

CVE-2026-41883

OmniFaces is affected by a server-side EL injection in CDNResourceHandler when using a wildcard CDN mapping (for example libraryName:=https://cdn.example.com/). An attacker can craft a resource request URL containing an EL expression in the resource name, which is evaluated server-side, leading ...

8.1 CVSS | 5.8 AI score | 0.00382 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/04/25 11:34 a.m. | 8 views

CVE-2026-41205

A flaw was found in Mako, a Python template library. This vulnerability, known as path traversal, allows an attacker to access files outside of the intended directory. By providing a specially crafted input to the TemplateLookup.get_template function, a remote attacker can exploit an inconsistency...

8.7 CVSS | 5.4 AI score | 0.00361 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

MiracleLinux 7 : wget-1.14-13.el7 (AXSA:2016-1111:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2016-1111:01 advisory. GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you ar...

8.8 CVSS | 7 AI score | 0.45935 EPSS
Exploits 8 | References 2

NVD
added 2026/01/15 9:16 p.m. | 20 views

CVE-2026-1002

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

6.9 CVSS | 0.00343 EPSS
Exploits 1 | References 2

AlpineLinux
added 2025/12/19 1:16 p.m. | 5 views

CVE-2025-14946

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell (SSH) process,...

4.8 CVSS | 7.1 AI score | 0.00118 EPSS
Exploits 0 | References 3

CNNVD
added 2025/10/02 12:0 a.m. | 5 views

LXD Security Vulnerability

LXD is a Canonical open source container for managing applications on Linux-based systems. A security vulnerability exists in LXD versions prior to 6.5 and 5.21.4, which stems from a specially crafted resource name embedded in a URL path that could lead to a path traversal attack...

4.8 CVSS | 6.3 AI score | 0.00299 EPSS
Exploits 1 | References 1

SUSE CVE
added 2023/02/15 3:40 a.m. | 7 views

SUSE CVE-2021-34429

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc...

6.5 CVSS | 8.6 AI score | 0.99298 EPSS
Exploits 6 | References 5

OSV
added 2022/08/25 6:15 p.m. | 18 views

CVE-2022-0135

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution...

7.8 CVSS | 7.1 AI score
Exploits 0 | References 3

CNNVD
added 2021/06/21 12:0 a.m. | 3 views

Vfsjfilechooser2 Security Vulnerability

Vfsjfilechooser2 is an open source vfsjfilechooser project's mavenized branch. It is a replacement for Java's JFileChooser Swing component. A security vulnerability exists in Vfsjfilechooser2 0.2.9 and earlier, which stems from a Regular Expression Denial of Service (ReDOS) that occurs when an...

7.5 CVSS | 7.2 AI score | 0.02315 EPSS
Exploits 1 | References 5

CNVD
added 2020/07/31 12:0 a.m. | 4 views

Pulse Secure Pulse Connect Secure Code Injection Vulnerability

Pulse Secure Pulse Connect Secure (a.k.a. PCS, formerly known as Juniper Junos Pulse) is a suite of SSL VPN solutions from Pulse Secure in the United States. A code injection vulnerability exists in Pulse Secure PCS versions prior to 9.1RB. The vulnerability can be exploited by an attacker to execu...

7.2 CVSS | 8 AI score | 0.32739 EPSS
Exploits 2 | References 1

BDU FSTEC
added 2017/12/04 12:0 a.m. | 7 views

The vulnerability of the doFilter method in the UrlAccessController class of the HPE Intelligent Management Center PLAT software platform allows an attacker to bypass the authentication process.

The vulnerability of the doFilter method in the UrlAccessController class of the HPE Intelligent Management Center PLAT software platform for managing wired and wireless networks is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor ...

10 CVSS | 7.8 AI score | 0.68916 EPSS
Exploits 0 | References 7

curl security advisories
added 2017/08/09 8:0 a.m. | 7 views

URL globbing out of bounds read

curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a...

6.5 CVSS | 6.9 AI score | 0.03875 EPSS
Exploits 0 | Affected Software 2

CNVD
added 2017/01/11 12:0 a.m. | 2 views

Multiple Samsung Android Mobile Phones Denial of Service Vulnerabilities

Samsung Android is a line of Android smartphones from the South Korean company Samsung. A security vulnerability exists in Samsung Android devices. The vulnerability can be exploited by an attacker with the help of a specially crafted resource profile to cause a system crash, resulting in a denia...

7.1 CVSS | 6.7 AI score | 0.00798 EPSS
Exploits 0 | References 1

RedHat Linux
added 2015/07/14 4:38 p.m. | 1 views

JSF: Information disclosure due to missing access restriction in portlet resource dispatching

It was found that JavaServer Faces PortletBridge-based portlets using GenericPortlet's default resource serving did not restrict access to resources within the web application. An attacker could set the resource ID field of a URL to potentially bypass security constraints and gain access to...

4.9 CVSS | 6.6 AI score | 0.01496 EPSS
Exploits 0 | References 4

Cvelist
added 2015/06/04 10:0 a.m. | 27 views

CVE-2015-0764

Cisco Unified MeetingPlace 8.61.9 allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603...

6.6 AI score | 0.01948 EPSS
Exploits 0 | References 2

RedHat Linux
added 2012/09/14 9:27 a.m. | 5 views

bind: specially crafted resource record causes named to exit

ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record...

7.8 CVSS | 6.9 AI score | 0.36798 EPSS
Exploits 0 | References 4

NVD
added 2009/09/14 4:30 p.m. | 21 views

CVE-2009-2803

CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork...

6.8 CVSS | 7.8 AI score | 0.02275 EPSS
Exploits 1 | References 6

Prion
added 2009/09/14 4:30 p.m. | 18 views

Memory corruption

CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork...

6.8 CVSS | 7.9 AI score | 0.02275 EPSS
Exploits 1 | References 6 | Affected Software 2

Prion
added 2009/02/13 12:30 a.m. | 19 views

Memory corruption

Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption...

7.8 CVSS | 7.9 AI score | 0.02903 EPSS
Exploits 1 | References 5 | Affected Software 2