27 matches found

Snyk
added 2026/02/05 5:28 p.m., 3 views

Malicious Package

Overview: https-servers is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.4
Exploits 0, References 2
OSV
added 2026/02/05 5:28 p.m., 3 views

MAL-2026-769 Malicious code in https-servers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a36dcc502283d554435cbf1426fd49634a8889c0839134cb84847739226aee3b The package https-servers was found to contain malicious code. Source: ghsa-malware 36ca75a183037ab06a63d3ba308f3fe6f3207772c7b77df966768e3f10e15c00...

AI score 5.5
Exploits 0, References 1
OSSF Malicious Packages
added 2026/02/05 5:28 p.m., 5 views

Malicious code in https-servers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a36dcc502283d554435cbf1426fd49634a8889c0839134cb84847739226aee3b The package https-servers was found to contain malicious code. Source: ghsa-malware 36ca75a183037ab06a63d3ba308f3fe6f3207772c7b77df966768e3f10e15c00...

AI score 5.4
Exploits 0, References 1
Snyk
added 2026/01/08 4:41 p.m., 2 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of resource-limiting controls in the gRPC, HTTPS, and HTTP3 server implementations. An attacker can exhaust memory and cause the server to degrade or crash by opening...

CVSS 8.7, AI score 6.8, EPSS 0.00213
Exploits 0, References 2
RedhatCVE
added 2026/01/07 9:49 a.m., 9 views

CVE-2022-27820

OWASP Zed Attack Proxy ZAP through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...

CVSS 4.3, AI score 6.9, EPSS 0.00136
Exploits 0, References 1
RedHat Linux
added 2023/10/09 10:22 a.m., 2 views

python: TLS handshake bypass

Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as it's possible to modify or delete resources that are...

CVSS 5.3, AI score 6.8, EPSS 0.00581
Exploits 0, References 7
OSV
added 2023/08/24 12:0 a.m., 24 views

PSF-2023-8 Bypass TLS handshake on closed sockets

Instances of ssl.SSLSocket are vulnerable to a bypass of the TLS handshake and included protections like certificate verification and treating sent unencrypted data as if it were post-handshake TLS encrypted data. The vulnerability is caused when a socket is connected, data is sent by the malicio...

CVSS 5.3, AI score 6, EPSS 0.00581
Exploits 0, References 3
Github Security Blog
added 2022/05/13 1:12 a.m., 39 views

Insufficient Verification of Data Authenticity in Async Http Client

main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client aka AHC or async-http-client before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate...

CVSS 4.3, AI score 4.8, EPSS 0.01049
Exploits 0, References 12, Affected Software 1
Github Security Blog
added 2022/05/13 1:12 a.m., 36 views

Insufficient Verification of Data Authenticity in Async Http Client

Async Http Client aka AHC or async-http-client before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a...

CVSS 4.3, AI score 1.9, EPSS 0.0106
Exploits 0, References 12, Affected Software 1
OSV
added 2022/05/13 1:12 a.m., 26 views

GHSA-8H53-FJGG-G42G Insufficient Verification of Data Authenticity in Async Http Client

Async Http Client aka AHC or async-http-client before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a...

CVSS 4.3, AI score 9.1, EPSS 0.0106
Exploits 0, References 12
ATTACKERKB
added 2022/03/24 4:15 a.m., 1 view

CVE-2022-27820

OWASP Zed Attack Proxy ZAP through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...

CVSS 4.3, AI score 5.9, EPSS 0.00136
Exploits 0, References 4
OpenVAS
added 2017/08/04 12:0 a.m., 32 views

RedHat Update for python RHSA-2017:1868-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.8, AI score 7.1, EPSS 0.02758
Exploits 1, References 2
Tenable Nessus
added 2015/06/25 12:0 a.m., 35 views

Amazon Linux AMI : python27 (ALAS-2015-552)

It was discovered that multiple Python standard library modules implementing network protocols such as httplib or smtplib failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. CVE-2013-1752 ...

CVSS 7.5, AI score 6.9, EPSS 0.02758
Exploits 2, References 4
NVD
added 2015/06/24 4:59 p.m., 24 views

CVE-2013-7398

main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client aka AHC or async-http-client before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate...

CVSS 4.3, AI score 6.3, EPSS 0.01049
Exploits 0, References 10
Prion
added 2015/06/24 4:59 p.m., 26 views

Design/Logic Flaw

Async Http Client aka AHC or async-http-client before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a...

CVSS 4.3, AI score 6.9, EPSS 0.0106
Exploits 0, References 10, Affected Software 2
UbuntuCve
added 2015/06/24 4:59 p.m., 28 views

CVE-2013-7398

main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client aka AHC or async-http-client before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate...

CVSS 4.3, AI score 7.2, EPSS 0.01049
Exploits 0, References 3
Prion
added 2015/06/24 4:59 p.m., 28 views

Design/Logic Flaw

main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client aka AHC or async-http-client before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate...

CVSS 4.3, AI score 6.8, EPSS 0.01049
Exploits 0, References 10, Affected Software 2
Cvelist
added 2015/06/24 4:0 p.m., 27 views

CVE-2013-7397

Async Http Client aka AHC or async-http-client before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a...

AI score 6.2, EPSS 0.0106
Exploits 0, References 10
CVE
added 2015/06/24 4:0 p.m., 86 views

CVE-2013-7398

CVE-2013-7398 affects Async Http Client (async-http-client) before 1.9.0, where hostname verification is not required during X.509 certificate verification. This allows MITM attackers to spoof HTTPS servers with arbitrary valid certificates. Mitigation: upgrade to 1.9.0 or newer (vendor advisorie...

CVSS 4.3, AI score 8.9, EPSS 0.01049
Exploits 0, References 10, Affected Software 1
Debian CVE
added 2015/06/24 4:0 p.m., 31 views

CVE-2013-7397

Async Http Client aka AHC or async-http-client before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a...

CVSS 4.3, AI score 7.4, EPSS 0.0106
Exploits 0