CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

creationtimestamp| type| source ---|---|--- 2025-07-03 21:40:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lt3ox54mus2l 2025-07-04 03:00:05+00:00| published-proof-of-concept| Telegram/RzZ013A6hXC-6kV-YI4QCReoYBbyiIzsP4toqc70fDWU4nE 2025-08-06 13:54:20+00:00| seen|...

9.1CVSS4.8AI score0.00469EPSS

Exploits5References1

Github Security Blog•added 2024/09/22 3:30 a.m.•56 views

HTTP Request Smuggling in ruby webrick

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

6.8AI score0.00108EPSS

Exploits0References8Affected Software1

Cvelist•added 2024/09/05 12:0 a.m.•13 views

CVE-2023-51712

An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function...

0.00151EPSS

Exploits0References2

NVD•added 2024/05/06 4:15 p.m.•8 views

CVE-2024-34089

An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When...

7.3CVSS6.5AI score0.00399EPSS

Exploits0References2

CVE•added 2024/05/05 12:0 a.m.•68 views

CVE-2024-34502

CVE-2024-34502 affects WikibaseLexeme in MediaWiki up to specific versions: before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. The flaw allows Special:MergeLexemes to trigger an edit merging the from-id into the to-id even when the request is not POST and lacks an edit token, effectiv...

9.8CVSS6.9AI score0.00159EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2024/04/26 12:0 a.m.•12 views

CVE-2024-33671

An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files...

7.7CVSS7AI score0.00077EPSS

Exploits0References1

CVE•added 2024/04/26 12:0 a.m.•106 views

CVE-2024-33672

CVE-2024-33672 affects Veritas NetBackup prior to 10.4. The Multi-Threaded Agent can be used to perform arbitrary file deletion on protected files, per multiple connected sources. Reported impact includes high confidentiality/availability implications (C/I = HIGH, A = HIGH) with local attack vect...

7.7CVSS6.8AI score0.00042EPSS

Exploits0References1Affected Software1

CVE•added 2024/04/11 12:0 a.m.•43 views

CVE-2024-29399

CVE-2024-29399 affects GNU Savane

7.6CVSS8AI score0.05307EPSS

Exploits2References1Affected Software1

OSV•added 2024/03/06 10:52 a.m.•21 views

BIT-EJBCA-2021-40087

An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log that can only be viewed by an administrator. This affects us...

4CVSS3.7AI score0.00096EPSS

Exploits0References2

NVD•added 2024/02/27 1:15 a.m.•9 views

CVE-2024-24720

An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It provides information about whether a user exists on a system...

5.3CVSS6.4AI score0.00163EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by