3247 matches found
CVE-2025-40354
CVE-2025-40354 affects the Linux kernel DRM/AMD display path. The fix increases the max link count (dc->links) from 12 to 14 to prevent an access overrun, and prevents a NULL pointer dereference to enc in link->enc for dpia non display_endpoint during hw_init. The vulnerability stemmed from...
CVE-2025-67735
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when HttpRequestEncod...
DEBIAN-CVE-2025-67735
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when HttpRequestEncod...
UBUNTU-CVE-2025-67735
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when HttpRequestEncod...
CVE-2025-67735 Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when HttpRequestEncod...
EUVD-2025-203450
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when HttpRequestEncod...
ScamSweeper: Detecting Illegal Accounts in Web3 Scams Via Transactions Analysis
The web3 applications have recently been growing, especially on the Ethereum platform, starting to become the target of scammers. The web3 scams, imitating the services provided by legitimate platforms, mimic regular activity to deceive users. However, previous studies have primarily concentrated...
GHSA-84H7-RJJ3-6JX4 Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
Summary: The io.netty.handler.codec.http.HttpRequestEncoder has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when HttpRequestEncoder is used without proper sanitization of the URI. Details: The HttpRequestEncoder simply UTF-8 encodes the uri without...
BIT-NGINX-GATEWAY-2024-32760 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact...
PT-2025-51671
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw in the multiq3 driver related to configuration options within the multiq3 attach function. Syzbot identified that crafted configuration options,...
@agentic-trust/8004-ext-sdk (>=1.0.0 <=1.0.40), @agentic-trust/agentic-trust-sdk (>=1.0.43 <=1.0.46) +94 more potentially affected by unknown CVE via @ensdomains/address-encoder (>=1.0.0-rc.2 <=1.1.4)
@ensdomains/address-encoder NPM version =1.0.0-rc.2, =1.0.0, =1.0.43, =0.1.0, =0.1.1, =1.0.17, =0.1.0, =0.0.1, =0.0.1, =0.1.0, =0.1.0, =0.4.10, =0.4.11-beta.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-190665...
Malicious code in @ensdomains/address-encoder (npm)
Source: amazon-inspector ec8264ecb2af0b5028f08af1a108f7fe73cd1cbe55ea2cb7102a3e28b2e1052e The package @ensdomains/address-encoder was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198699
Malicious code in @ensdomains/address-encoder npm...
MAL-2025-190665 Malicious code in @ensdomains/address-encoder (npm)
Source: amazon-inspector ec8264ecb2af0b5028f08af1a108f7fe73cd1cbe55ea2cb7102a3e28b2e1052e The package @ensdomains/address-encoder was found to contain malicious code. Source: ghsa-malware...
CVE-2025-63224
The Itel DAB Encoder IDEnc build 25aec8d is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the...
TencentOS Server 4: ffmpeg (TSSA-2025:0714)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0714 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...