12 matches found

Veracode
•added 2025/12/11 8:41 a.m.•3 views

URL Validation Bypass

validator.js is vulnerable to a URL Validation Bypass. The vulnerability is due to isURL using :// instead of : to parse protocols, allowing attackers to craft URLs that bypass protocol and domain checks and potentially enable XSS or open-redirect attacks...

6.1 CVSS • 6.4 AI score • 0.0005 EPSS
Exploits: 1 • References: 3 • Affected Software: 1
EUVD
•added 2025/10/07 12:30 a.m.•2 views

EUVD-2007-3017

Malware in sbrugna...

5 CVSS • 6.2 AI score • 0.00821 EPSS
Exploits: 0 • References: 5
EUVD
•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-31764

Malicious code in bioql PyPI...

6.1 CVSS • 6.6 AI score • 0.0005 EPSS
Exploits: 1 • References: 5
OSV
•added 2025/09/30 6:15 p.m.•0 views

UBUNTU-CVE-2025-56200

A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leadi...

6.1 CVSS • 6.7 AI score • 0.0005 EPSS
Exploits: 1 • References: 2
CVE
•added 2025/09/30 12:0 a.m.•14 views

CVE-2025-56200

CVE-2025-56200 : Validator.js contains a URL validation bypass through version 13.15.15. The isURL() function splits on '://', but browsers use ':'; this allows crafting URLs that bypass protocol/domain checks and may enable XSS or open redirects. Connected sources indicate a fix is available in ...

6.1 CVSS • 6 AI score • 0.0005 EPSS
Exploits: 1 • References: 4 • Affected Software: 1
RedhatCVE
•added 2025/05/21 11:43 p.m.•6 views

CVE-2007-3025

Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions...

5 CVSS • 6.8 AI score • 0.00821 EPSS
Exploits: 0 • References: 1
Github Security Blog
•added 2021/03/01 7:44 p.m.•48 views

Docsify XSS Vulnerability

This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods: 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking plac...

8.6 CVSS • 6.4 AI score • 0.00463 EPSS
Exploits: 5 • References: 8 • Affected Software: 1
NVD
•added 2021/02/19 5:15 p.m.•9 views

CVE-2021-23342

This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods: 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking plac...

8.6 CVSS • 0.00463 EPSS
Exploits: 5 • References: 5
Prion
•added 2021/02/19 5:15 p.m.•12 views

Authentication flaw

This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods: 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking plac...

4.3 CVSS • 6.3 AI score • 0.03162 EPSS
Exploits: 6 • References: 5 • Affected Software: 1
Github Security Blog
•added 2020/08/31 11:1 p.m.•35 views

Regular Expression Denial of Service in validator

Versions of validator prior to 3.22.1 are affected by a regular expression denial of service vulnerability in the isURL method. Recommendation: Update to version 3.22.1 or later...

5.9 AI score
Exploits: 0 • References: 5 • Affected Software: 1
Node.js
•added 2015/10/17 7:41 p.m.•23 views

Regular Expression Denial of Service

Overview: Versions of validator prior to 3.22.1 are affected by a regular expression denial of service vulnerability in the isURL method. Recommendation: Update to version 3.22.1 or later. References: Issue 152, Comment 48107184; GitHub Advisory...

6.7 AI score
Exploits: 0 • Affected Software: 1
UbuntuCve
•added 2007/06/07 10:30 p.m.•25 views

CVE-2007-3025

Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions...

5 CVSS • 5.9 AI score • 0.00821 EPSS
Exploits: 0 • References: 1