CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

892 matches found

RedhatCVE•added 2026/01/09 8:58 a.m.•7 views

CVE-2023-45321

The Android Client application, when enrolled with the define method 1 the user manually inserts the server ip address, use HTTP protocol to retrieve sensitive information ip address and credentials to connect to a remote MQTT broker entity instead of HTTPS and this feature is not configurable by...

8.8CVSS6.7AI score0.00044EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:53 a.m.•3 views

CVE-2021-27422

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication...

7.5CVSS6.6AI score0.00103EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:33 a.m.•4 views

CVE-2019-7225

The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags MODBUS coils mapping to the HMI. These credentials are the idal123...

8.8CVSS7.1AI score0.0021EPSS

Exploits1References1

NVD•added 2026/01/06 4:15 p.m.•2 views

CVE-2020-36917

iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middl...

8.6CVSS0.00084EPSS

Exploits1References6

OSV•added 2025/12/15 11:28 p.m.•3 views

GHSA-84H7-RJJ3-6JX4 Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder

Summary The io.netty.handler.codec.http.HttpRequestEncoder CRLF injection with the request uri when constructing a request. This leads to request smuggling when HttpRequestEncoder is used without proper sanitization of the uri. Details The HttpRequestEncoder simply UTF8 encodes the uri without...

6.5CVSS7.2AI score0.00024EPSS

Exploits1References4

Cvelist•added 2025/12/11 8:58 p.m.•23 views

CVE-2025-64702 quic-go HTTP/3 QPACK Header Expansion DoS

quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header...

5.3CVSS0.00015EPSS

Exploits0References2

Positive Technologies•added 2025/12/10 12:0 a.m.•4 views

PT-2026-36811

Name of the Vulnerable Software and Affected Versions Apache HTTP Server version 2.4.66 Description A memory corruption issue exists in the HTTP/2 implementation of the Apache HTTP Server, specifically within the mod http2 module. The flaw is caused by a double free condition, which occurs when t...

10CVSS7.7AI score0.01123EPSS

Exploits14References210

RedHat Linux•added 2025/12/09 3:25 p.m.•4 views

tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames

A flaw was found in Apache Tomcat where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream...

7.5CVSS7.2AI score0.01022EPSS

Exploits0References6

SUSE CVE•added 2025/12/05 12:43 a.m.•3 views

SUSE CVE-2025-13945

HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service...

5.5CVSS6.5AI score0.00042EPSS

Exploits1References5

NVD•added 2025/12/01 4:15 p.m.•2 views

CVE-2024-32384

Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device...

7.4CVSS0.00015EPSS

Exploits0References2

Rockylinux•added 2025/11/28 9:4 a.m.•4 views

container-tools:rhel8 security and bug fix update

An update is available for libslirp, module.libslirp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The container-tools module contains tools for working with...

9.8CVSS6AI score0.02514EPSS

Exploits3

Microsoft CVE•added 2025/11/13 1:1 a.m.•5 views

BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20).

...

6.5CVSS7AI score0.00069EPSS

Exploits1

Tenable Nessus•added 2025/10/27 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2025-12105

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2...

7.5CVSS5.3AI score0.00071EPSS

Exploits0References2

RedhatCVE•added 2025/10/23 9:14 a.m.•1 views

CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

7.5CVSS5.9AI score0.00071EPSS

Exploits0References3