CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leadi...

6AI score0.00302EPSS

Exploits1References4

Positive Technologies•added 2025/09/26 12:0 a.m.•3 views

PT-2025-39521

Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description A username enumeration issue exists when Multi-Attribute Login is enabled. The system provides a different response for existing and non-existing usernames, regardless of the validate...

3.7CVSS6.4AI score0.00234EPSS

Exploits0References5

CNNVD•added 2025/09/24 12:0 a.m.•2 views

DivvyDrive Web 安全漏洞

DivvyDrive Web is a file management and sharing system from the Turkish company DivvyDrive. A security vulnerability exists in DivvyDrive Web versions 4.8.2.2 through prior to 4.8.2.15, which stems from the presence of an observable timing difference that could lead to a cross-domain search timin...

4.3CVSS6.5AI score0.00218EPSS

Exploits0References1

CNNVD•added 2025/09/18 12:0 a.m.•2 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a difference-in-difference error in the isexecutablesection function, which could lead to out-of-bounds access t...

5.5CVSS5.9AI score0.00136EPSS

Exploits0References9

Github Security Blog•added 2025/09/17 3:30 p.m.•8 views

Jenkins is missing a permission check in the authenticated users' profile menu

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu. This allows attackers without Overall/Read permission to obtain limited information about the Jenkins configuration by listing available options in this menu...

4.3CVSS6.2AI score0.00448EPSS

Exploits0References4Affected Software1

OSSF Malicious Packages•added 2025/09/05 5:10 p.m.•2 views

Malicious code in difference-bent-news (npm)

The package difference-bent-news was found to contain malicious code...

7AI score

Exploits0

OSV•added 2025/09/05 5:10 p.m.•1 views

MAL-2025-44023 Malicious code in difference-bent-news (npm)

The package difference-bent-news was found to contain malicious code...

7AI score

Exploits0

ATTACKERKB•added 2025/08/19 8:33 p.m.•3 views

CVE-2025-9179

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14,...

9.8CVSS5.8AI score0.0053EPSS

Exploits0References9

CNNVD•added 2025/08/03 12:0 a.m.•1 views

iperf 安全漏洞

iperf is an ESnet open source tool for actively measuring the maximum bandwidth achievable on an IP network. A security vulnerability exists in iperf versions prior to 3.19.1, which stems from a difference-one error in iperfauth.c that could lead to a heap buffer overflow...

10CVSS5.6AI score0.00365EPSS

Exploits0References2

CNNVD•added 2025/07/20 12:0 a.m.•3 views

Mbed TLS 安全漏洞

Mbed TLS is an open source, portable, easy to use, readable and flexible SSL library from Mbed TLS Open Source. A security vulnerability exists in Mbed TLS versions 3.6.1 through 3.6.3 that stems from a timing difference and could lead to plaintext recovery...

4CVSS6.3AI score0.00395EPSS

Exploits1References3

Packet Storm News•added 2025/07/20 12:0 a.m.•2 views

Frame-Level Temporal Difference Learning for Partial Deepfake Speech Detection

Detecting partial deepfake speech is essential due to its potential for subtle misinformation. However, existing methods depend on costly frame-level annotations during training, limiting real-world scalability. Also, they focus on detecting transition artifacts between bonafide and deepfake...

6.3AI score

Exploits0

Packet Storm News•added 2025/06/21 12:0 a.m.•4 views

Busting the Paper Ballot: Voting Meets Adversarial Machine Learning

We show the security risk associated with using machine learning classifiers in United States election tabulators. The central classification task in election tabulation is deciding whether a mark does or does not appear on a bubble associated to an alternative in a contest on the ballot. Barrett...

6.6AI score

Exploits0

OSV•added 2025/06/14 5:46 a.m.•5 views

BIT-GOLANG-2025-0913 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

os.OpenFilepath, os.OCREATE|OEXCL behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with OCREATE and OEXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would...

5.5CVSS5.8AI score0.0024EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by