
283 matches found

IBM Security Bulletins
added 2025/03/26 9:54 p.m. | 18 views

Security Bulletin: IBM Controller is affected by vulnerabilities

Summary: There are vulnerabilities in IBM® WebSphere Application Server Liberty and Open-Source Software (OSS) components used by IBM Controller. Additionally, IBM Controller is vulnerable to Client-Side Desync (CSD) (CVE-2022-39163). Please refer to the table in the Related Information section for...

CVSS 7.5 | AI score 6.7 | EPSS 0.00943
Exploits: 2 | Affected Software: 2
NVD
added 2025/03/26 2:15 p.m. | 14 views

CVE-2022-39163

IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks...

CVSS 4.7 | EPSS 0.00173
Exploits: 0 | References: 1
OSV
added 2025/03/26 2:15 p.m. | 3 views

CVE-2022-39163

IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks...

CVSS 4.7 | AI score 5.7 | EPSS 0.00173
Exploits: 0 | References: 1
Vulnrichment
added 2025/03/26 1:51 p.m. | 14 views

CVE-2022-39163 IBM Cognos Controller HTTP response smuggling

IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks...

CVSS 4.7 | AI score 5.8 | EPSS 0.00173
Exploits: 0 | References: 1
CVE
added 2025/03/26 1:51 p.m. | 90 views

CVE-2022-39163

CVE-2022-39163 (IBM Cognos Controller) affects IBM Cognos Controller 11.0.0–11.1.0 and IBM Controller 11.1.0, due to a Client-Side Desync (CSD) attack that could desynchronize a browser connection and enable cross-site scripting (XSS). The documented impact is limited to potential XSS via a desyn...

CVSS 4.7 | AI score 5.8 | EPSS 0.00173
Exploits: 0 | References: 1 | Affected Software: 2
Cvelist
added 2025/03/26 1:51 p.m. | 15 views

CVE-2022-39163 IBM Cognos Controller HTTP response smuggling

IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks...

CVSS 4.7 | EPSS 0.00173
Exploits: 0 | References: 1
OSV
added 2025/03/25 7:44 a.m. | 6 views

BIT-VARNISH-2025-30346

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...

CVSS 5.4 | AI score 7.2 | EPSS 0.00266
Exploits: 0 | References: 3
Tenable Nessus
added 2025/03/23 12:0 a.m. | 12 views

FreeBSD : www/varnish7 -- client-side desync vulnerability (26f6733d-06a9-11f0-ba0b-641c67a117d8)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 26f6733d-06a9-11f0-ba0b-641c67a117d8 advisory. The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish...

CVSS 5.4 | AI score 5.8 | EPSS 0.00266
Exploits: 0 | References: 3
SUSE CVE
added 2025/03/22 2:10 p.m. | 2 views

SUSE CVE-2025-30346

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...

CVSS 4.8 | AI score 7 | EPSS 0.00266
Exploits: 0 | References: 4
NVD
added 2025/03/21 7:15 a.m. | 13 views

CVE-2025-30346

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...

CVSS 5.4 | EPSS 0.00266
Exploits: 0 | References: 2
OSV
added 2025/03/21 7:15 a.m. | 1 view

ALPINE-CVE-2025-30346

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...

CVSS 4.8 | AI score 7 | EPSS 0.00266
Exploits: 0 | References: 1
OSV
added 2025/03/21 7:15 a.m. | 1 view

DEBIAN-CVE-2025-30346

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...

CVSS 4.8 | AI score 5.6 | EPSS 0.00266
Exploits: 0 | References: 1
OSV
added 2025/03/21 7:15 a.m. | 9 views

CVE-2025-30346

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...

CVSS 4.8 | AI score 7.2
Exploits: 0 | References: 2
OSV
added 2025/03/21 7:15 a.m. | 0 views

UBUNTU-CVE-2025-30346

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...

CVSS 5.4 | AI score 5.8 | EPSS 0.00266
Exploits: 0 | References: 5
Cvelist
added 2025/03/21 12:0 a.m. | 9 views

CVE-2025-30346

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...

CVSS 5.4 | EPSS 0.00266
Exploits: 0 | References: 1
Vulnrichment
added 2025/03/21 12:0 a.m. | 9 views

CVE-2025-30346

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...

CVSS 5.4 | AI score 7.2 | EPSS 0.00266
Exploits: 0 | References: 1
Positive Technologies
added 2025/03/21 12:0 a.m. | 1 view

PT-2025-12401

Name of the Vulnerable Software and Affected Versions: Varnish Cache versions prior to 7.6.2; Varnish Enterprise versions prior to 6.0.13r10. Description: The issue allows client-side desync via HTTP/1 requests. Recommendations: For Varnish Cache versions prior to 7.6.2, update to version 7.6.2 or...

CVSS 5.4 | AI score 6 | EPSS 0.00266
Exploits: 0 | References: 37
Debian CVE
added 2025/03/21 12:0 a.m. | 9 views

CVE-2025-30346

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...

CVSS 5.4 | AI score 5.6 | EPSS 0.00266
Exploits: 0
CVE
added 2025/03/21 12:0 a.m. | 99 views

CVE-2025-30346

Varnish Cache and Varnish Enterprise are affected by CVE-2025-30346: an HTTP/1 client-side desync vulnerability that can be triggered by malformed HTTP/1 requests. Affected versions are Varnish Cache prior to 7.6.2 and Varnish Enterprise prior to 6.0.13r10. The vulnerability description in connect...

CVSS 5.4 | AI score 7.1 | EPSS 0.00266
Exploits: 0 | References: 2 | Affected Software: 2
Packet Storm
added 2025/03/07 12:0 a.m. | 316 views

Kerberos 5-1.21.3 Privilege Escalation / Ticket Injection

Kerberos version 5-1.21.3 privilege escalation and ticket injection proof of concept exploit that demonstrates a vulnerability discovered in 2014. ...

CVSS 8.8 | AI score 7.9 | EPSS 0.87448
Exploits: 8