
1988 matches found

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-44822

Malicious code in bioql PyPI...

CVSS 7.2, AI score 7, EPSS 0.00091
Exploits: 1, References: 6

Debian
added 2025/10/03 12:30 p.m., 5 views

[SECURITY] [DSA 6017-1] haproxy security update

Debian Security Advisory DSA-6017-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 03, 2025 https://www.debian.org/security/faq ...

CVSS 7.5, AI score 6.8, EPSS 0.00468
Exploits: 0

Snyk
added 2025/10/03 12:0 a.m., 1 views

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity due to an inefficient algorithmic complexity issue in the mjson parsing library when analyzing JSON content, such as with the jsonquery or jwtpayloadquery function. An attacker can cause resource...

CVSS 8.7, AI score 6.7, EPSS 0.00468
Exploits: 0, References: 2

Tenable Nessus
added 2025/10/03 12:0 a.m., 4 views

Debian dsa-6017 : haproxy - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6017 advisory. Debian Security Advisory DSA-6017-1 [email protected] https://www.debian.org/security/...

CVSS 7.5, AI score 7, EPSS 0.00468
Exploits: 0, References: 5

OSV
added 2025/10/03 12:0 a.m., 1 views

DSA-6017-1 haproxy - security update

Bulletin has no description...

CVSS 7.5, AI score 7, EPSS 0.00468
Exploits: 0

Microsoft CVE
added 2025/10/02 6:11 a.m., 8 views

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.

...

CVSS 5.3, AI score 7, EPSS 0.00105
Exploits: 0

Microsoft CVE
added 2025/10/02 6:11 a.m., 2 views

HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.

...

CVSS 8.2, AI score 7, EPSS 0.00027
Exploits: 0

OSV
added 2025/10/02 12:0 a.m., 0 views

UBUNTU-CVE-2025-11230

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests...

CVSS 7.5, AI score 5.8, EPSS 0.00468
Exploits: 0, References: 3

Positive Technologies
added 2025/10/02 12:0 a.m., 1 views

PT-2025-40954

Name of the Vulnerable Software and Affected Versions HAProxy versions prior to 2.6.12-1+deb12u3 HAProxy versions prior to 3.0.11-1+deb13u1 HAProxy version 3.0.8-1ubuntu1.2 Description HAProxy is susceptible to a denial of service condition when parsing specific JSON numbers. An attacker could...

CVSS 7.5, AI score 6.4, EPSS 0.00468
Exploits: 0, References: 46

RedhatCVE
added 2025/09/11 8:27 p.m., 4 views

CVE-2025-34172

In pfSense CE /usr/local/www/haproxy/haproxystats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated...

CVSS 4.8, AI score 6.2, EPSS 0.00044
Exploits: 0, References: 1

Wolfi
added 2025/09/11 2:53 p.m., 1 views

GHSA-8G2X-6FRQ-Q83X vulnerabilities

Vulnerabilities for packages: haproxy...

AI score 7
Exploits: 0

Wolfi
added 2025/09/11 2:53 p.m., 6 views

CVE-2016-2102 vulnerabilities

Vulnerabilities for packages: haproxy...

CVSS 5.3, AI score 7, EPSS 0.00014
Exploits: 0

Chainguard
added 2025/09/11 2:22 p.m., 2 views

GHSA-8G2X-6FRQ-Q83X vulnerabilities

Vulnerabilities for packages: haproxy...

AI score 7
Exploits: 0

Chainguard
added 2025/09/11 2:22 p.m., 9 views

CVE-2016-2102 vulnerabilities

Vulnerabilities for packages: haproxy...

CVSS 5.3, AI score 7, EPSS 0.00014
Exploits: 0

OSV
added 2025/09/11 8:41 a.m., 16 views

BIT-HAPROXY-2024-45506

HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding h2send loop under a certain set of conditions, as exploited in the wild in 2024...

CVSS 7.5, AI score 7.3, EPSS 0.01495
Exploits: 0, References: 7

Tenable Nessus
added 2025/09/10 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-6714

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured...

CVSS 7.5, AI score 5.4, EPSS 0.00256
Exploits: 0, References: 2

NVD
added 2025/09/09 8:15 p.m., 3 views

CVE-2025-34172

In pfSense CE /usr/local/www/haproxy/haproxystats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated...

CVSS 6.1, EPSS 0.00044
Exploits: 0, References: 3

CVE
added 2025/09/09 7:43 p.m., 11 views

CVE-2025-34172

CVE-2025-34172 affects pfSense CE (Netgate pfSense CE HAProxy package). The vulnerability exists in haproxy_stats.php where the value of the showsticktablecontent parameter is read from HTTP GET requests and then displayed, enabling reflected cross-site scripting when the victim is authenticated....

CVSS 6.1, AI score 5.8, EPSS 0.00044
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2025/09/09 7:43 p.m., 2 views

CVE-2025-34172 Netgate pfSense CE HAProxy Package 0.63_10 Reflected Cross-Site Scripting

In pfSense CE /usr/local/www/haproxy/haproxystats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated...

CVSS 4.8, AI score 5.7, EPSS 0.00044
Exploits: 0, References: 3

Cvelist
added 2025/09/09 7:43 p.m., 5 views

CVE-2025-34172 Netgate pfSense CE HAProxy Package 0.63_10 Reflected Cross-Site Scripting

In pfSense CE /usr/local/www/haproxy/haproxystats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated...

CVSS 4.8, EPSS 0.00044
Exploits: 0, References: 3