106 matches found

EUVD
added 2026/04/01 3:31 a.m. | 2 views

EUVD-2025-209158

XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory structure...

8.7 CVSS | 5.9 AI score | 0.00016 EPSS
Exploits: 0 | References: 3

NVD
added 2026/04/01 1:16 a.m. | 2 views

CVE-2025-71282

XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory structure...

8.7 CVSS | 0.00016 EPSS
Exploits: 0 | References: 2

CVE
added 2026/04/01 12:30 a.m. | 3 views

CVE-2025-71282

XenForo before 2.3.7 discloses filesystem paths via exception messages triggered by open_basedir restrictions, enabling an attacker to obtain information about the server’s directory structure. Affected product: XenForo web forum software (pre-2.3.7). Root cause: exception messages reveal filesys...

8.7 CVSS | 5.9 AI score | 0.00016 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/03/23 10:58 p.m. | 2 views

CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3 CVSS | 5.9 AI score | 0.00022 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2026/03/20 8:5 a.m. | 1 views

CVE-2026-33012

A flaw was found in Micronaut Framework. Remote attackers can exploit an unbounded cache in the DefaultHtmlErrorResponseBodyProvider component by influencing exception messages, such as through request query parameters. This can lead to uncontrolled memory growth and an OutOfMemoryError, resultin...

7.5 CVSS | 5.6 AI score | 0.00056 EPSS
Exploits: 0 | References: 6

Cvelist
added 2026/03/06 4:22 a.m. | 23 views

CVE-2026-28675 OpenSift: Sensitive implementation details exposed via raw exception messages and token-returning endpoints

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, some endpoints returned raw exception strings to clients. Additionally, login token material was exposed in UI/rendered responses and token rotation output. This...

5.3 CVSS | 0.00041 EPSS
Exploits: 0 | References: 5

CVE
added 2026/03/06 4:22 a.m. | 9 views

CVE-2026-28675

OpenSift (OpenSift project) prior to version 1.6.3-alpha exposed sensitive data: some endpoints returned raw exception strings, and login token material appeared in UI/rendered responses and token rotation output. The issue has been patched in version 1.6.3-alpha. Affected component behavior was ...

5.3 CVSS | 5.8 AI score | 0.00041 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/03/06 4:22 a.m. | 1 views

CVE-2026-28675 OpenSift: Sensitive implementation details exposed via raw exception messages and token-returning endpoints

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, some endpoints returned raw exception strings to clients. Additionally, login token material was exposed in UI/rendered responses and token rotation output. This...

5.3 CVSS | 5.7 AI score | 0.00041 EPSS
Exploits: 0 | References: 7

Snyk
added 2026/03/04 11:24 p.m. | 1 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure via the default exception handling process. An attacker can obtain sensitive internal exception messages by triggering an unhandled exception, causing the server to include the exception message in the EXCEPTION_WHAT...

6.9 CVSS | 5.8 AI score | 0.00076 EPSS
Exploits: 1 | References: 2

ATTACKERKB
added 2026/03/04 7:34 p.m. | 2 views

CVE-2026-28434

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via set_exception_handler, the library catches the exception and writes its message...

5.3 CVSS | 5.7 AI score | 0.00076 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

EUVD
added 2025/10/21 12:31 p.m. | 1 views

EUVD-2022-54709

In the Linux kernel, the following vulnerability has been resolved: arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall If a compat process tries to execute an unknown system call above the __ARM_NR_COMPAT_END number, the kernel sends a SIGILL signal to the offending process...

5.5 CVSS | 5.1 AI score | 0.00056 EPSS
Exploits: 0 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2005-4756

Malware in sbrugna...

7.5 CVSS | 6.4 AI score | 0.01404 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2015-4966

Malware in sbrugna...

2.1 CVSS | 6.2 AI score | 0.00061 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2009-3958

Malware in sbrugna...

7.8 CVSS | 6 AI score | 0.00812 EPSS
Exploits: 1 | References: 14

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-2599

Malware in sbrugna...

4.3 CVSS | 4.6 AI score | 0.00166 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-17366

Malicious code in bioql PyPI...

6.5 CVSS | 7.2 AI score | 0.67928 EPSS
Exploits: 6 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-4961

Malicious code in bioql PyPI...

4.3 CVSS | 6.3 AI score | 0.00503 EPSS
Exploits: 0 | References: 11

Amazon
added 2025/07/10 12:0 a.m. | 1 views

Medium: jackson-core

Issue Overview: Jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core's JsonLocation.appendSourceDesc method allows up to 500 bytes of unintended...

4 CVSS | 6.4 AI score | 0.00027 EPSS
Exploits: 0

Tenable Nessus
added 2025/07/10 12:0 a.m. | 3 views

Amazon Linux 2023 : jackson-core (ALAS2023-2025-1063)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1063 advisory. Jackson-core contains core low-level incremental streaming parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in...

4 CVSS | 7.6 AI score | 0.00027 EPSS
Exploits: 0 | References: 4

Amazon
added 2025/06/24 12:0 a.m. | 2 views

Medium: aws-kinesis-agent

Issue Overview: Jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core's JsonLocation.appendSourceDesc method allows up to 500 bytes of unintended...

4 CVSS | 6.4 AI score | 0.00027 EPSS
Exploits: 0