Lucene search

177 matches found

NVD
added 2026/05/27 8:16 p.m. | 8 views

CVE-2026-8359

When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBinLoadHttpModule function in the dll would be called to set up a "module" object for that module. However, WOSHttpStatusModule.dll is not prese...

CVSS 7.5 | EPSS 0.00061
Exploits 0 | References 1

Positive Technologies
added 2026/05/27 12:0 a.m. | 3 views

PT-2026-44093

When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBinLoadHttpModule function in the dll would be called to set up a "module" object for that module. However, WOSHttpStatusModule.dll is not...

CVSS 7.5 | AI score 5.8 | EPSS 0.00061
Exploits 0 | References 2

AstraLinux
added 2026/05/20 5:53 a.m. | 8 views

Astra Linux - vulnerability in apache2

HTTP/2 incoming headers that exceed the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client continues to send headers, this can lead to memory exhaustion...

CVSS 7.5 | AI score 7 | EPSS 0.87555
Exploits 2 | References 2

ATTACKERKB
added 2026/05/13 9:5 p.m. | 2 views

CVE-2026-44425

ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the name field of each filter property in the base64-encoded filter query parameter and the sortby query parameter, which are then passed directly as BSON/SQL keys in the...

CVSS 5.4 | AI score 5.8 | EPSS 0.00076
Exploits 1 | References 2 | Affected Software 1

CVE
added 2026/04/24 5:55 p.m. | 11 views

CVE-2026-42041

Affected software: Axios (browser and Node.js). Vulnerability: Prototype Pollution in the mergeDirectKeys path used by validateStatus, allowing pollution of Object.prototype that could cause all HTTP status codes to be treated as success. Root cause: The only config property using the mergeDirect...

CVSS 6.5 | AI score 5.3 | EPSS 0.00148
Exploits 1 | References 1 | Affected Software 1

CNNVD
added 2026/04/24 12:0 a.m. | 4 views

Axios authorization issue vulnerability

Axios is an open-source HTTP client developed by Axios. Versions prior to Axios 1.15.1 and 0.31.1 have a vulnerability related to authorization. This vulnerability stems from the use of the mergeDirectKeys merging strategy in validateStatus. This strategy uses the in operator to traverse the...

CVSS 6.5 | AI score 5.8 | EPSS 0.00148
Exploits 1 | References 1

Github Security Blog
added 2026/03/24 7:18 p.m. | 4 views

FileBrowser Quantum has Username Enumeration via Authentication Timing Side-Channel

Summary: The /api/auth/login authentication endpoint does not execute in constant time. When a non-existent username is supplied, the server returns a 401/403 response almost immediately. When a valid username is provided, the server performs a bcrypt password comparison, causing a measurable dela...

AI score 5.9
Exploits 0 | References 4 | Affected Software 1

CVE
added 2026/02/06 4:41 p.m. | 12 views

CVE-2026-23738

CVE-2026-23738 affects Asterisk; prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user-supplied cookie/GET parameter values are echoed into the HTML of the /httpstatus page without escaping, enabling reflected XSS. The issue is mitigated by upgrading to the patched series (20.7...

CVSS 6.1 | AI score 5.3 | EPSS 0.00051
Exploits 0 | References 1 | Affected Software 2

Snyk
added 2026/02/03 10:55 p.m. | 2 views

Improper Check for Unusual or Exceptional Conditions

Overview: Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the auth-url annotation when a specific misconfiguration occurs involving a custom-errors configuration that includes HTTP errors 401 or 403, and the configured default custom-erro...

CVSS 3.1 | AI score 5.6 | EPSS 0.00014
Exploits 0 | References 2

GithubExploit
added 2025/12/04 6:55 a.m. | 137 views

Exploit for CVE-2025-55182

react2shell-scanner A command-line tool for detecting CVE-202...

CVSS 10 | AI score 7.2 | EPSS 0.82011
Exploits 372

RedhatCVE
added 2025/10/15 7:38 p.m. | 4 views

CVE-2025-59429

FreePBX is an open source GUI for managing Asterisk. In versions prior to 16.0.68.39 for FreePBX 16 and versions prior to 17.0.18.38 for FreePBX 17, a reflected cross-site scripting vulnerability is present on the Asterisk HTTP Status page. The Asterisk HTTP status page is exposed by FreePBX and ...

CVSS 8.5 | AI score 6.4 | EPSS 0.00081
Exploits 0 | References 1

OSV
added 2025/10/14 7:26 p.m. | 2 views

CVE-2025-59429 FreePBX core module vulnerable to reflected cross-site scripting via Asterisk HTTP Status page

FreePBX is an open source GUI for managing Asterisk. In versions prior to 16.0.68.39 for FreePBX 16 and versions prior to 17.0.18.38 for FreePBX 17, a reflected cross-site scripting vulnerability is present on the Asterisk HTTP Status page. The Asterisk HTTP status page is exposed by FreePBX and ...

CVSS 8.5 | AI score 6.4 | EPSS 0.00081
Exploits 0 | References 3

Positive Technologies
added 2025/10/14 12:0 a.m. | 2 views

PT-2025-42182

Name of the Vulnerable Software and Affected Versions: FreePBX versions prior to 16.0.68.39; FreePBX versions prior to 17.0.18.38. Description: FreePBX, an open source GUI for managing Asterisk, contains a reflected cross-site scripting issue on the Asterisk HTTP Status page. The page is exposed by...

CVSS 8.5 | AI score 5 | EPSS 0.00081
Exploits 0 | References 8

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-2069

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.00328
Exploits 1 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2013-5850

Malware in sbrugna...

CVSS 5.8 | AI score 6.1 | EPSS 0.005
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-4242

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.0024
Exploits 1 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2013-0610

Malware in sbrugna...

CVSS 5 | AI score 8.9 | EPSS 0.00254
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2015-1370

Malware in sbrugna...

CVSS 5 | AI score 9.3 | EPSS 0.00317
Exploits 0 | References 12

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2013-2812

Malware in sbrugna...

CVSS 7.5 | AI score 6 | EPSS 0.00887
Exploits 0 | References 9

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2013-2449

Malware in sbrugna...

CVSS 5.8 | AI score 7.3 | EPSS 0.03483
Exploits 2 | References 6