CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

159 matches found

Gradio - Server-Side Request Forgery

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP...

8.6CVSS7.3AI score0.65093EPSS

Exploits1References2

RedhatCVE•added 2026/01/09 9:30 a.m.•6 views

CVE-2023-29004

hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI 6.3.9.0 at the moment of writing this report. The vulnerability can be exploited via an HTTP request to /app/options.py and the...

6.5CVSS6.8AI score0.00432EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:2 a.m.•7 views

CVE-2023-25096

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8AI score0.00291EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:2 a.m.•6 views

CVE-2023-25119

7.2CVSS8.1AI score0.00302EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:1 a.m.•6 views

CVE-2023-25088

7.2CVSS8.1AI score0.00291EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 8:43 a.m.•8 views

CVE-2022-37337

A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS7AI score0.00668EPSS

Exploits1References1