Lucene search

9 matches found

UbuntuCve
added 2026/05/22 9:16 p.m. · 7 views

CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

CVSS 5.4 · AI score 5.7 · EPSS 0.00007
Exploits: 0 · References: 3
Positive Technologies
added 2026/04/08 12:0 a.m. · 1 views

PT-2026-31346

Name of the Vulnerable Software and Affected Versions: Logstash affected versions not specified Description: Logstash is susceptible to a flaw where improper validation of file paths within compressed archives can lead to arbitrary file write and potential remote code execution through Relative Pat...

CVSS 8.1 · AI score 6.5 · EPSS 0.00597
Exploits: 0 · References: 6
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2022-40295

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.6 · EPSS 0.00562
Exploits: 0 · References: 2
OSV
added 2025/03/21 9:15 a.m. · 4 views

CVE-2025-25068

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes...

CVSS 8.8 · AI score 6.9
Exploits: 0 · References: 1
GitLab Advisory Database
added 2025/03/20 12:0 a.m. · 9 views

H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint

A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simultaneous requests, an...

CVSS 7.5 · AI score 6.8 · EPSS 0.00345
Exploits: 1 · References: 5 · Affected Software: 1
Positive Technologies
added 2025/02/28 12:0 a.m. · 2 views

PT-2025-9102 · Opencart · Opencart

Name of the Vulnerable Software and Affected Versions: OpenCart versions prior to 4.1.0 Description: The issue allows an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in "/account/login" API endpoint. This could potentially lead to...

CVSS 4.7 · AI score 6.4 · EPSS 0.00121
Exploits: 0 · References: 9
ATTACKERKB
added 2024/05/03 3:15 a.m. · 0 views

CVE-2023-41192

D-Link DAP-1325 HNAP SetAPLanSettings PrimaryDNS Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability...

CVSS 8.8 · AI score 6.3 · EPSS 0.01756
Exploits: 0 · References: 3 · Affected Software: 1
Vulnrichment
added 2022/08/02 5:55 p.m. · 5 views

CVE-2022-35924 Verification requests (magic link) sent to unwanted emails

NextAuth.js is a complete open source authentication solution for Next.js applications. next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.:...

CVSS 9.1 · AI score 9.3 · EPSS 0.0042
Exploits: 0 · References: 8
RedHat Linux
added 2017/04/03 9:2 p.m. · 2 views

camel-snakeyaml: Unmarshalling operation is vulnerable to RCE

It was found that the camel-snakeyaml component is exploitable for code execution. An attacker could use this vulnerability to send a specially crafted payload to a camel-snakeyaml endpoint and cause a remote code execution attack...

CVSS 9.8 · AI score 6.4 · EPSS 0.02766
Exploits: 0 · References: 5