CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

18 matches found

NVD•added 2026/04/16 10:16 a.m.•2 views

CVE-2024-8010

The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files...

7.5CVSS0.00027EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-0304

Malware in sbrugna...

9.3CVSS8.1AI score0.00863EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-3747

Malware in sbrugna...

6.5CVSS6.7AI score0.01543EPSS

Exploits0References7

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-15126

Malicious code in bioql PyPI...

6.3CVSS6.1AI score0.00092EPSS

Exploits1References1

OSV•added 2025/04/14 11:39 a.m.•14 views

BIT-PHP-MIN-2025-1219 libxml streams use wrong content-type header when requesting a redirected resource

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...

6.3CVSS6AI score0.00092EPSS

Exploits1References4

OSV•added 2025/04/14 11:39 a.m.•14 views

BIT-PHP-2025-1219 libxml streams use wrong content-type header when requesting a redirected resource

6.3CVSS6AI score0.00092EPSS

Exploits1References4

NVD•added 2025/03/30 6:15 a.m.•13 views

CVE-2025-1219

6.3CVSS0.00092EPSS

Exploits1References3

Cvelist•added 2019/06/04 8:18 p.m.•30 views

CVE-2018-13379

An Improper Limitation of a Pathname to a Restricted Directory "Path Traversal" in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download syste...

9.1CVSS9.8AI score0.94473EPSS

Exploits21References2

Fortinet•added 2019/05/24 12:0 a.m.•132 views

Protect

A path traversal vulnerability in the FortiOS SSL VPN web portal may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests...

5CVSS9AI score0.94473EPSS

Exploits21Affected Software1

Veracode•added 2019/01/15 9:20 a.m.•30 views

Authorization Bypass

httpd is vulnerable to authorization bypass attacks. The vulnerability exists as a regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionall...

6.5CVSS6.7AI score0.01543EPSS

Exploits0References7Affected Software1

NVD•added 2018/07/26 5:29 p.m.•19 views

CVE-2017-12171

A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource...

6.5CVSS6.5AI score0.01543EPSS

Exploits0References4

Debian CVE•added 2018/07/26 5:0 p.m.•32 views

CVE-2017-12171

6.5CVSS6.7AI score0.01543EPSS

Exploits0

Cvelist•added 2018/06/04 4:0 p.m.•15 views

CVE-2016-10688

Haxe 3 : The Cross-Platform Toolkit a fork from David Mouton's damoebius/haxe-npm haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the...

8.3AI score0.00735EPSS

Exploits0References1

NVD•added 2018/06/01 6:29 p.m.•9 views

CVE-2016-10597

cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks...

5.9CVSS5.7AI score0.00119EPSS

Exploits0References1

Amazon•added 2017/11/02 12:0 a.m.•130 views

Medium: httpd

Issue Overview: Hash character matches all IPs: A regression was found in httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. CVE-2017-12171 Affected...

6.5CVSS6.9AI score0.01543EPSS

Exploits0

Tenable Nessus•added 2017/10/23 12:0 a.m.•130 views

CentOS 6 : httpd (CESA-2017:2972) (Optionsbleed)

An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.5CVSS6.8AI score0.9384EPSS

Exploits9References3

RedhatCVE•added 2017/10/19 10:49 a.m.•28 views

CVE-2017-12171

A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource...

6.5CVSS2AI score0.01543EPSS

Exploits0References1