16575 matches found

Tenable Nessus
added 2025/08/21 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2009-4488

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly...

9.8 CVSS | 6.2 AI score | 0.12758 EPSS
Exploits: 2 | References: 3

Amazon
added 2025/08/08 12:0 a.m. | 6 views

Medium: ruby3.2

Issue Overview: Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific...

6.5 CVSS | 7 AI score | 0.00422 EPSS
Exploits: 0

CNNVD
added 2025/08/08 12:0 a.m. | 2 views

Huawei EnzoH Security Vulnerability

Founded in 1987 and headquartered in Shenzhen, Guangdong Province, China, Huawei is a leading global provider of ICT (information and communications technology) infrastructure and smart terminals, with operations in more than 170 countries and regions and serving more than 3 billion people worldwid...

6.7 CVSS | 7.3 AI score | 0.00298 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2025/08/07 12:0 a.m. | 7 views

CVE-2025-32094

An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can lead to a discrepancy in how two in-path Akamai...

4 CVSS | 6.3 AI score | 0.00517 EPSS
Exploits: 0 | References: 4

Akamai Blog
added 2025/08/06 6:0 p.m. | 14 views

CVE-2025-32094: HTTP Request Smuggling Via OPTIONS + Obsolete Line Folding

In March 2025, Akamai received a bug bounty report identifying an HTTP Request Smuggling vulnerability that was quickly resolved for all customers...

4 CVSS | 6.7 AI score | 0.00517 EPSS
Exploits: 0

NVD
added 2025/08/06 5:15 p.m. | 4 views

CVE-2025-20332

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. This vulnerability is due to the lack of server-side validation of Administrator permissions. An attacker could exploit this...

4.3 CVSS | 0.00369 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/08/06 4:14 p.m. | 10 views

CVE-2025-20332 Cisco Identity Services Engine Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. This vulnerability is due to the lack of server-side validation of Administrator permissions. An attacker could exploit this...

4.3 CVSS | 0.00369 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/08/06 4:14 p.m. | 5 views

CVE-2025-20332 Cisco Identity Services Engine Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. This vulnerability is due to the lack of server-side validation of Administrator permissions. An attacker could exploit this...

4.3 CVSS | 6.3 AI score | 0.00369 EPSS
Exploits: 0 | References: 1

OSV
added 2025/08/06 1:15 p.m. | 2 views

CVE-2025-23311

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, or data tampering...

9.8 CVSS | 6.2 AI score | 0.02464 EPSS
Exploits: 0 | References: 3

Cvelist
added 2025/08/06 12:35 p.m. | 7 views

CVE-2025-23317

NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information...

9.1 CVSS | 0.01829 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2025/08/06 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-36760

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests...

9 CVSS | 6.8 AI score | 0.01879 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/06 12:0 a.m. | 3 views

Cisco Identity Services Engine (cisco-sa-ise_xss_acc_cont-YsR4uT4U)

According to its self-reported version, Cisco ISE is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. This vulnerability is due to the lack of...

4.3 CVSS | 5.6 AI score | 0.00369 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/08/04 12:0 a.m. | 5 views

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1115)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1115 advisory. Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is...

6.5 CVSS | 7.1 AI score | 0.00422 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2025/07/31 1:49 p.m. | 2 views

CVE-2025-6175

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi allows HTTP Request Splitting. This issue affects Geodi: before GEODI Setup 9.0.146...

7.2 CVSS | 5.5 AI score | 0.00201 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/07/31 12:0 a.m. | 4 views

CVE-2025-50847

Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3 allows attackers to add products to a user's comparison list via a crafted HTTP request...

6.4 AI score | 0.00137 EPSS
Exploits: 0 | References: 2

Zero Day Initiative
added 2025/07/31 12:0 a.m. | 19 views

(Pwn2Own) QNAP QHora-322 access_setting HTTP Request Smuggling Vulnerability

This vulnerability allows network-adjacent attackers to smuggle arbitrary HTTP requests on affected installations of QNAP QHora-322 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within th...

6.3 CVSS | 7.4 AI score
Exploits: 0 | References: 1

Zero Day Initiative
added 2025/07/31 12:0 a.m. | 8 views

(Pwn2Own) QNAP QHora-322 local_pwd_reset HTTP Request Smuggling Vulnerability

This vulnerability allows network-adjacent attackers to smuggle arbitrary HTTP requests on affected installations of QNAP QHora-322 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within th...

6.3 CVSS | 7.4 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2025/07/31 12:0 a.m. | 8 views

Amazon Linux 2 : ruby (ALAS-2025-2931)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2931 advisory. Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTT...

6.5 CVSS | 7.1 AI score | 0.00422 EPSS
Exploits: 0 | References: 4

Amazon
added 2025/07/30 12:0 a.m. | 3 views

Medium: ruby

Issue Overview: Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific...

6.5 CVSS | 7.1 AI score | 0.00422 EPSS
Exploits: 0

NVD
added 2025/07/29 1:15 p.m. | 3 views

CVE-2025-6175

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi allows HTTP Request Splitting. This issue affects Geodi: before GEODI Setup 9.0.146...

7.2 CVSS | 0.00201 EPSS
Exploits: 0 | References: 2