
38 matches found

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-0161

Malware in sbrugna...

CVSS 4.3 | AI score 4.6 | EPSS 0.0065
Exploits: 0 | References: 23
The Hacker News
added 2025/08/25 11:50 a.m. | 2 views

Why SIEM Rules Fail and How to Fix Them: Insights from 160 Million Attack Simulations

Security Information and Event Management (SIEM) systems act as the primary tools for detecting suspicious activity in enterprise networks, helping organizations identify and respond to potential attacks in real time. However, the new Picus Blue Report 2025, based on over 160 million real-world...

AI score 7
Exploits: 0
RedhatCVE
added 2025/05/21 9:59 p.m. | 7 views

CVE-2004-2091

Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security...

CVSS 5 | AI score 7 | EPSS 0.14432
Exploits: 0 | References: 1
The Hacker News
added 2025/03/11 11:25 a.m. | 17 views

Your Risk Scores Are Lying: Adversarial Exposure Validation Exposes Real Threats

In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security, believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world...

AI score 7.6
Exploits: 0
Hacker One
added 2023/10/29 2:55 a.m. | 31 views

PortSwigger Web Security: Title: Deceptive Manipulation of HTTP to HTTPS with VPN in Burp Suite

Vulnerability description not provided...

AI score 7.1
Exploits: 0
Malwarebytes
added 2023/02/23 2:0 a.m. | 19 views

Samsung adds Message Guard protection against zero-click exploits

Samsung has announced the introduction of Message Guard for the Samsung Galaxy S23 series. It will be gradually rolled out to other Galaxy smartphones and tablets later this year. Message Guard works on images received in messages by the apps "Samsung Messages" and "Messages by Google" and...

AI score 7.4
Exploits: 0
wpexploit
added 2021/04/21 12:0 a.m. | 313 views

iThemes Security Free (< 7.9.1) & Pro (< 6.8.4) - Hide Backend Bypass

Both the iThemes Security free and pro versions were affected. - Patched in Version iThemes Security: 7.9.1 - Patched in Version iThemes Security Pro: 6.8.4 The bug allowed attackers to bypass the "Hide Backend" feature, that, when enabled, hides the WordPress wp-login.php and wp-admin pages...

AI score 7.4
Exploits: 0 | References: 2
Prion
added 2020/05/07 9:15 p.m. | 10 views

Code injection

In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website was subsequently loaded again, the UR...

CVSS 4.3 | AI score 3.7 | EPSS 0.0065
Exploits: 0 | References: 16 | Affected Software: 2
Hacker One
added 2017/04/13 1:52 p.m. | 15 views

HackerOne: API Last Request Date/Time Not Updating

Hi All, I believe I've found a minor vulnerability with regards to your API last request date/time. However, I could not find any documentation on what this value is supposed to represent / when it should be relied on so I debated reporting this but figured it might in fact be an issue. Descripti...

AI score 6.9
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 17 views

DCP-Portal 3.7/4.x/5.x Calendar.PHP HTTP Response Splitting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11340/info DCP-Portal is reported prone to a HTTP response splitting vulnerability. The issue presents itself due to a flaw in the affected script that allows an attacker to manipulate how GET requests are handled. A remo...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 22 views

GnuPG 1.x Detached Signature Verification Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16663/info GnuPG is affected by a detached signature verification-bypass vulnerability because it fails to properly notify scripts that an invalid detached signature was presented and that the verification process has...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 23 views

Microsoft Outlook Express 4.x/5.x/6.0 Attachment Processing File Extension Obfuscation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13837/info Microsoft Outlook Express is prone to an attachment file extension obfuscation vulnerability that may present a risk under certain configurations. The issue manifests due to Microsoft Outlook Express behavior...

AI score 6.7
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 17 views

PHP 4.x/5 cURL Open_Basedir Restriction Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11557/info It is reported that cURL allows malicious users to bypass 'open_basedir' restrictions in PHP scripts. This issue is due to a failure of the cURL module to properly enforce PHP's 'open_basedir' restriction. Users...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 13 views

Mozilla Firefox <= 3.0.10 and SeaMonkey <= 1.1.16 Address Bar URI Spoofing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35388/info Mozilla Firefox and SeaMonkey are affected by a URI-spoofing vulnerability because they fail to adequately handle user-supplied data. An attacker may leverage this issue by inserting arbitrary content to spoof ...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 31 views

Google Chrome 2.0.172 'About:blank' Address Bar URI Spoofing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35839/info Google Chrome is affected by a URI-spoofing vulnerability. An attacker may leverage this issue by inserting arbitrary content to spoof a URI presented to an unsuspecting user. This may lead to a false sense of...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 15 views

PHPWebSite 0.7.3/0.8.x/0.9.3 User Module HTTP Response Splitting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11673/info A remote HTTP response splitting vulnerability reportedly affects phpWebSite in its user module. This issue is due to a failure of the application to properly sanitize user-supplied input. A remote attacker may...

AI score 7.1
Exploits: 0
Exploit DB
added 2012/03/28 12:0 a.m. | 41 views

Apple Safari 5.1.5 For Windows - 'window.open()' URI Spoofing

source: https://www.securityfocus.com/bid/52746/info Apple Safari for Windows is affected by a URI-spoofing vulnerability. An attacker may leverage this issue to spoof the source URI of a site presented to an unsuspecting user. This may lead to a false sense of trust because the user may be...

AI score 7.4
Exploits: 0
exploitpack
added 2012/02/23 12:0 a.m. | 13 views

Mobile Mp3 Search Script 2.0 - dl.php HTTP Response Splitting

source: https://www.securityfocus.com/bid/52136/info Mobile Mp3 Search Script is prone to an HTTP-response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can leverage this issue to...

AI score 7.4
Exploits: 0
exploitpack
added 2011/09/19 12:0 a.m. | 15 views

Toko Lite CMS 1.5.2 - HTTP Response Splitting Cross-Site Scripting

source: https://www.securityfocus.com/bid/49673/info Toko LiteCMS is prone to an HTTP-response-splitting vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An...

AI score 6.8
Exploits: 0
OpenVAS
added 2010/11/05 12:0 a.m. | 33 views

Bugzilla Response Splitting and Security Bypass Vulnerabilities

Bugzilla is prone to a response-splitting vulnerability and a security-bypass vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only C...

CVSS 5 | AI score 6.2 | EPSS 0.00846
Exploits: 1 | References: 2