24 matches found
undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers
A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., "Content-Length" and "content-length"). This can lead to HTTP Request Smuggling, a...
CVE-2026-1525
A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., "Content-Length" and "content-length"). This can lead to HTTP Request Smuggling, a...
CVE-2009-4905
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Acc Statistics 1.1 allow remote attackers to hijack the authentication of administrators for requests that change (1) passwords, (2) usernames, and (3) e-mail addresses...
EUVD-2013-0498
Malware in sbrugna...
EUVD-2020-13295
Malware in sbrugna...
CVE-2023-45821
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the registryIsDockerHub function was only checking that the...
CVE-2020-20508
Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field...
Credential Hijacking
github.com/artifacthub/hub is vulnerable to Credential Hijacking. This vulnerability exists in the registryIsDockerHub function in oci.go because it does not properly check the domain registry in docker hub, which allows an attacker to deploy a fake OCI registry on a domain ending with docker.io,...
CVE-2023-28123
A permission misconfiguration in UI Desktop for Windows Version 0.59.1.71 and earlier could allow a user to hijack VPN credentials while UID VPN is starting. This vulnerability is fixed in Version 0.62.3 and later...
PT-2023-21581 · Unknown · Ui Desktop For Windows
Name of the Vulnerable Software and Affected Versions: UI Desktop for Windows versions 0.59.1.71 and earlier Description: A permission misconfiguration could allow a user to hijack VPN credentials while UID VPN is starting. Recommendations: For versions 0.59.1.71 and earlier, update to version...
nginx <= 1.18.0 HTTP Request Smuggling Vulnerability
Deprecated since the CVE has been rejected: SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cisco IronPort C350 Header Injection
!/usr/bin/perl -w Cisco IronPort C350 Remote Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor Donev is not liable for any...
Cisco Email Security Virtual Appliance C370 IronPort Header Injection
!/usr/bin/perl -w Cisco Email Security Virtual Appliance C370 IronPort Remote Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor...
Cisco Email Security Virtual Appliance C600V IronPort Header Injection
!/usr/bin/perl -w Cisco Email Security Virtual Appliance C600V IronPort Remote Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todo...
Cisco C690 Email Security Appliance 11.0.2-044 IronPort Header Injection
!/usr/bin/perl -w Cisco C690 Email Security Appliance Version: 11.0.2-044 IronPort Remote Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fac...
Apache HTTP Server Multiple Vulnerabilities (Aug 2015) - Linux
Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver";...
Apache HTTP Server Multiple Vulnerabilities (Aug 2015) - Windows
Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver";...
[SECURITY] [DSA 3325-1] apache2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3325-1 [email protected] https://www.debian.org/security/ Stefan Fritsch August 01, 2015 https://www.debian.org/security/faq -...