CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

271 matches found

GHSA-35JP-WW65-95WH axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`

Vulnerability Disclosure: Full Man-in-the-Middle via Prototype Pollution Gadget in config.proxy Summary The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full...

8.7CVSS5.8AI score

Exploits0References3

CVE•added 2026/03/04 5:49 p.m.•5 views

CVE-2026-20066

CVE-2026-20066 affects multiple Cisco products using the Snort 3 Detection Engine. The issue stems from JSTokenizer normalization logic during HTTP inspection of JavaScript, allowing an unauthenticated remote attacker to trigger a DoS by causing the Snort 3 engine to restart, interrupting packet ...

5.8CVSS6AI score0.00058EPSS

Exploits0References1

OSSF Malicious Packages•added 2026/02/24 6:40 p.m.•4 views

Malicious code in rtxbbtyols (npm)

Package collects and exfiltrates sensitive info to oastify.com via HTTP in both index.js and setup.py with silent error handling. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a545131c0d6f2f8be5e52e2d51ba1ca4bc79095868f4b3c8169744110c68ecd The package...

5.7AI score

Exploits0References3

Cvelist•added 2026/01/06 3:53 p.m.•20 views

CVE-2020-36917 iDS6 DSSPro Digital Signage System 6.2 Cleartext Password Disclosure via Cookie

iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middl...

8.6CVSS0.00084EPSS

Exploits1References6

Vulnrichment•added 2025/10/16 6:59 p.m.•1 views

CVE-2025-11492 HTTP Configuration and Encryption in Transit

In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...

9.6CVSS6.4AI score0.00009EPSS

Exploits0References1

NVD•added 2025/10/16 6:15 p.m.•5 views

CVE-2025-62409

Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy. It will happen when the connection is closing but upstream data is...

8.7CVSS0.00011EPSS

Exploits0References1

Vulnrichment•added 2025/10/14 9:14 a.m.•1 views

CVE-2011-20001

A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family incl. SIPLUS variants All versions V2.0.3, SIMATIC S7-1200 CPU V2 family incl. SIPLUS variants All versions V2.0.3. The web server interface of affected devices improperly processes incoming malformed HTTP traffic at high rate...

8.7CVSS6.6AI score0.00139EPSS

Exploits0References1

Cvelist•added 2025/10/14 9:14 a.m.•5 views

CVE-2011-20001

8.7CVSS0.00139EPSS

Exploits0References1

RedhatCVE•added 2025/10/13 12:22 p.m.•1 views

CVE-2025-11633

A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is the function uploadfiletos3 of the file collectlogs.sh of the component HTTP Traffic Handler. The manipulation leads to improper certificate validation. The attack may be initiated remotely. The attack i...

6.3CVSS4.5AI score0.00051EPSS

Exploits0References1

NVD•added 2025/10/12 12:15 p.m.•2 views

CVE-2025-11633

6.3CVSS0.00051EPSS

Exploits0References3

Vulnrichment•added 2025/10/12 12:2 p.m.•3 views

CVE-2025-11633 Tomofun Furbo 360/Furbo Mini HTTP Traffic collect_logs.sh upload_file_to_s3 certificate validation

6.3CVSS4.5AI score0.00051EPSS

Exploits0References3