CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 some functions like fsockopen lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parseurl treat the hostname in different way, thus openin...

5.3CVSS6.4AI score0.00156EPSS

Exploits1References4

RedhatCVE•added 2025/05/22 3:19 p.m.•5 views

CVE-2020-2187

Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks...

6.8CVSS6.8AI score0.00037EPSS

Exploits0

OSV•added 2015/06/24 2:59 p.m.•4 views

CVE-2015-3900

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."...

5CVSS5.7AI score0.02401EPSS

Exploits0References12