CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20 matches found

OSV•added 2026/05/07 8:46 a.m.•3 views

BIT-MODSECURITY2-2026-30923 libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

8.2CVSS5.6AI score0.00435EPSS

Exploits1References3

OSV•added 2026/05/07 8:45 a.m.•4 views

BIT-MODSECURITY-2026-30923 libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings

8.2CVSS5.5AI score0.00435EPSS

Exploits1References3

SUSE CVE•added 2026/05/07 2:21 a.m.•6 views

SUSE CVE-2026-30923

8.2CVSS5.5AI score0.00435EPSS

Exploits1References3

Positive Technologies•added 2026/05/07 12:0 a.m.•9 views

PT-2026-38473

8.2CVSS5.5AI score0.00435EPSS

Exploits1References4

NVD•added 2026/05/05 7:16 p.m.•4 views

CVE-2026-30923

8.2CVSS0.00435EPSS

Exploits1References2

Cvelist•added 2026/05/05 6:46 p.m.•32 views

CVE-2026-30923 libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings

8.2CVSS0.00435EPSS

Exploits1References2

Vulnrichment•added 2026/05/05 6:46 p.m.•6 views

CVE-2026-30923 libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings

8.2CVSS5.6AI score0.00435EPSS

Exploits1References2

CVE•added 2026/05/05 6:46 p.m.•20 views

CVE-2026-30923

CVE-2026-30923 affects libModSecurity3 (ModSecurity v3) where a rule using the t:hexDecode transformation can trigger a segmentation fault when inspecting a single-character query string, causing worker process crashes and denial of service. All versions prior to 3.0.15 are affected; the issue is...

8.2CVSS5.6AI score0.00435EPSS

Exploits1References2Affected Software1

CNNVD•added 2026/05/05 12:0 a.m.•10 views

Modsecurity 缓冲区错误漏洞

Modsecurity is an open-source web traffic security processing library developed by OWASP ModSecurity. Versions of Modsecurity prior to 3.0.15 contained a buffer error vulnerability. This vulnerability arises from using the t:hexDecode conversion in rule checks for query string parameters containi...

8.2CVSS6AI score0.00435EPSS

Exploits1References1

Positive Technologies•added 2026/05/01 12:0 a.m.•5 views

PT-2026-36537

Name of the Vulnerable Software and Affected Versions libModSecurity3 versions prior to 3.0.15 Description A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a single character. This allows an attacker to crash worker processe...

8.2CVSS5.8AI score0.00435EPSS

Exploits1References11

FreeBSD•added 2026/04/28 12:0 a.m.•10 views

modsecurity3 -- multiple vulnerabilities

ModSecurity is an open source web application firewall engine. According to the upstream changelog, multiple vulnerabilities have been fixed. CVE-2026-42268: unsigned integer underflow in verify operators CVE-2026-30923: buffer overflow in hexdecode...

8.2CVSS6AI score0.00435EPSS

Exploits2References1

OPENSUSE Linux•added 2026/03/12 12:0 a.m.•6 views

Security update for python-PyPDF2 (moderate)

openSUSE security update: security update for python-pypdf2 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20348-1 Rating: moderate References: bsc1259404 Cross-References: CVE-2026-28804 CVSS scores: CVE-2026-28804 SUSE : 6.5...

6.9CVSS5.8AI score0.00399EPSS

Exploits0References1

SUSE CVE•added 2026/03/10 12:24 a.m.•2 views

SUSE CVE-2026-28804

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5...

6.5CVSS5.7AI score0.00399EPSS

Exploits0References3

NVD•added 2026/03/06 7:16 a.m.•7 views

CVE-2026-28804

6.9CVSS0.00399EPSS

Exploits0References4

OSV•added 2026/03/06 7:16 a.m.•5 views

UBUNTU-CVE-2026-28804

6.9CVSS5.7AI score0.00399EPSS

Exploits0References6

Vulnrichment•added 2026/03/06 6:46 a.m.•2 views

CVE-2026-28804 pypdf: Inefficient decoding of ASCIIHexDecode streams

6.9CVSS5.7AI score0.00399EPSS

Exploits0References4

UbuntuCve•added 2026/03/06 12:0 a.m.•3 views

CVE-2026-28804

6.9CVSS5.8AI score0.00399EPSS

Exploits0References5

CNNVD•added 2026/03/06 12:0 a.m.•4 views

pypdf 安全漏洞

pypdf is an open-source, free Python library developed by py-pdf. It allows for splitting, merging, cropping, and converting pages within PDF files. Prior to version 6.7.5, pypdf had a security vulnerability. This vulnerability stemmed from the use of the /ASCIIHexDecode filter when accessing...

6.9CVSS5.9AI score0.00399EPSS

Exploits0References4

curl security advisories•added 2013/06/22 8:0 a.m.•5 views

URL decode buffer boundary flaw

libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curleasyunescape decodes URL encoded strings to raw binary data. URL encoded octets are represented with %HH combinations where HH is a two-digit hexadecimal number. The decoded strin...

6.8CVSS6.9AI score0.11118EPSS

Exploits2Affected Software2

Packet Storm•added 2000/04/01 12:0 a.m.•55 views

icadecrypt.c.txt

/ icadecrypt.c Decrypt stored Citrix ICA passwords in appsrv.ini. Dug Song / include include include include include int hexdecodechar src, uchar dst, int outsize char p, pe; uchar q, qe, ch, cl; pe = src + strlensrc; qe = dst + outsize; for p = src, q = dst; p = '0' && ch = 'a' && ch = '0' && cl...

7.4AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by