
25 matches found

CNNVD
added 2026/02/03 12:0 a.m. | 3 views

Claude Code Input Validation Error Vulnerability

Claude Code is an open-source proxy encoding tool developed by Anthropic. Versions of Claude Code prior to 1.0.111 contained a vulnerability related to input validation errors. This vulnerability stemmed from the insufficient URL validation in the trusted domain verification mechanism of WebFetch...

7.4 CVSS | 5.8 AI score | 0.00018 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2025/11/13 12:0 a.m. | 6 views

Siemens SIMATIC S7-1500 and Ruggedcom ROX Devices Improper Input Validation (CVE-2023-46218)

This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mix...

6.5 CVSS | 6.2 AI score | 0.00213 EPSS
Exploits: 1 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-12102

Malicious code in bioql PyPI...

7.5 CVSS | 6.8 AI score | 0.00071 EPSS
Exploits: 0 | References: 7

Github Security Blog
added 2025/09/04 7:24 p.m. | 7 views

Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter

Summary: When using Astro's Cloudflare adapter `@astrojs/cloudflare` configured with `output: 'server'` while using the default `imageService: 'compile'`, the generated image optimization endpoint doesn't check the URLs it receives, allowing content from unauthorized third-party domains to be served...

7.2 CVSS | 6 AI score | 0.00376 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

IBM Security Bulletins
added 2025/09/01 2:52 p.m. | 4 views

Security Bulletin: A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, which affects IBM watsonx.data

Summary: A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. These can affect watsonx.data. Vulnerability Details: CVEID: CVE-2025-27820 DESCRIPTION: A bug in PSL validation...

7.5 CVSS | 6.7 AI score | 0.00071 EPSS
Exploits: 0 | Affected Software: 1

Snyk
added 2025/07/18 10:48 p.m. | 2 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation via the certificate verification process on macOS systems when built with both WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION options enabled. An attacker can impersonate a trusted server by...

9.2 CVSS | 5.8 AI score | 0.00177 EPSS
Exploits: 0 | References: 2

RedHat Linux
added 2025/07/02 8:27 a.m. | 2 views

firefox: thunderbird: Incorrect parsing of URLs could have allowed embedding of youtube.com

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security...

6.5 CVSS | 5.8 AI score | 0.00431 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2025/07/02 5:27 a.m. | 2 views

firefox: thunderbird: Incorrect parsing of URLs could have allowed embedding of youtube.com

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security...

6.5 CVSS | 5.8 AI score | 0.00431 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2025/07/01 9:44 p.m. | 4 views

firefox: thunderbird: Incorrect parsing of URLs could have allowed embedding of youtube.com

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security...

6.5 CVSS | 5.8 AI score | 0.00431 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2025/07/01 7:42 p.m. | 4 views

firefox: thunderbird: Incorrect parsing of URLs could have allowed embedding of youtube.com

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security...

6.5 CVSS | 5.8 AI score | 0.00431 EPSS
Exploits: 0 | References: 5

AlpineLinux
added 2025/06/24 1:15 p.m. | 2 views

CVE-2025-6429

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox 140, Firefox ESR...

6.5 CVSS | 6.5 AI score | 0.00431 EPSS
Exploits: 0 | References: 7

OSV
added 2025/06/24 1:15 p.m. | 0 views

UBUNTU-CVE-2025-6429

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability was fixed in Firefox 140, Firefox E...

6.5 CVSS | 6.6 AI score | 0.00431 EPSS
Exploits: 0 | References: 8

ATTACKERKB
added 2025/06/24 12:28 p.m. | 2 views

CVE-2025-6429

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability was fixed in Firefox 140, Firefox E...

6.5 CVSS | 5.8 AI score | 0.00431 EPSS
Exploits: 0 | References: 6

F5 Networks
added 2025/05/14 6:48 p.m. | 9 views

K000151334: Apache HttpClient vulnerability CVE-2025-27820

Security Advisory Description: A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release. CVE-2025-27820 Impact: There is no impact; F5 products are not...

7.5 CVSS | 6.8 AI score | 0.00071 EPSS
Exploits: 0

RedhatCVE
added 2025/04/26 12:6 p.m. | 17 views

CVE-2025-27820

A flaw was found in Apache HttpClient. This vulnerability allows unauthorized access or information disclosure via disabled Public Suffix List (PSL) validation, affecting cookie management and hostname verification. Mitigation: Mitigation for this issue is either not available or the currently...

6.5 CVSS | 7.1 AI score | 0.00071 EPSS
Exploits: 0 | References: 8

Github Security Blog
added 2025/04/24 12:31 p.m. | 17 views

Apache HttpClient disables domain checks

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release...

7.5 CVSS | 7.1 AI score | 0.00071 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

OSV
added 2025/04/24 12:31 p.m. | 1 views

GHSA-73M2-QFQ3-56CX Apache HttpClient disables domain checks

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release...

7.5 CVSS | 6.8 AI score | 0.00071 EPSS
Exploits: 0 | References: 7

NVD
added 2025/04/24 12:15 p.m. | 13 views

CVE-2025-27820

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release...

7.5 CVSS | 0.00071 EPSS
Exploits: 0 | References: 5

OSV
added 2025/04/24 12:15 p.m. | 2 views

CVE-2025-27820

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release...

7.5 CVSS | 6.6 AI score
Exploits: 0 | References: 5

OSV
added 2025/04/24 12:15 p.m. | 1 views

UBUNTU-CVE-2025-27820

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release...

7.5 CVSS | 7.1 AI score | 0.00071 EPSS
Exploits: 0 | References: 6