198 matches found
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the PolicyReference API when fetching remote policy references. An attacker can access internal resources or arbitrary protocols by supplying a crafted URI. Remediation: Upgrade org.apache.neethi:neet...
GHSA-CPHF-4846-3XX9 Vert.x Web static handler component cache can be manipulated to deny the access to static files
The Vert.x Web static handler component cache can be manipulated to deny access to static files served by the handler using a specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in the Vert.x Core component used b...
CVE-2026-1002 Eclipse Vert.x Web static handler file access denial
The Vert.x Web static handler component cache can be manipulated to deny access to static files served by the handler using a specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in the Vert.x Core component used b...
PT-2026-3133
Name of the Vulnerable Software and Affected Versions: Vert.x (affected versions not specified). Description: The Vert.x Web static handler component cache can be manipulated to deny access to static files served by the handler using specifically crafted request URIs. This is due to an improp...
CVE-2018-10082
CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or...
CVE-2021-22984
On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving an unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM...
PT-2026-1337
Name of the Vulnerable Software and Affected Versions: Anthropic's MCP TypeScript SDK versions up to and including 1.25.1. Description: The software contains a regular expression denial of service (ReDoS) issue within the UriTemplate class when handling RFC 6570 exploded array patterns. The dynamicall...
SUSE CVE-2025-14946
A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell (SSH) process,...
CVE-2025-14946
A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell (SSH) process,...
EUVD-2017-3708
Malware in sbrugna...
EUVD-2017-17744
Malware in sbrugna...
EUVD-2018-2164
Malware in sbrugna...
EUVD-2006-0027
Malware in sbrugna...
EUVD-2008-5797
Malware in sbrugna...
EUVD-2008-5631
Malware in sbrugna...
EUVD-2008-3345
Malware in sbrugna...
EUVD-2009-3706
Malware in sbrugna...
EUVD-2012-4759
Malware in sbrugna...
EUVD-2012-0767
Malware in sbrugna...
EUVD-2015-1902
Malware in sbrugna...