21 matches found

RedhatCVE
added 2026/05/07 12:0 p.m., 7 views

CVE-2026-42010

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

9.8 CVSS, 5.8 AI score, 0.00125 EPSS
Exploits 0, References 3
Tenable Nessus
added 2025/11/20 12:0 a.m., 2 views

TencentOS Server 3: curl (TSSA-2023:0172)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0172 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

5.9 CVSS, 6.5 AI score, 0.00297 EPSS
Exploits 2, References 3
EUVD
added 2025/10/14 9:30 p.m., 2 views

EUVD-2022-55112

In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix route with nexthop object delete warning FRR folks have hit a kernel warning[1] while deleting routes[2] which is caused by trying to delete a route pointing to a nexthop id without specifying nhid but matching on an...

5.5 CVSS, 5.1 AI score, 0.00004 EPSS
Exploits 0, References 7
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-2312

Malicious code in bioql PyPI...

5.3 CVSS, 5.4 AI score, 0.00149 EPSS
Exploits 0, References 8
RedhatCVE
added 2025/07/10 1:30 a.m., 3 views

CVE-2025-42978

The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the received certificate of remote TLS server. This might lead to the outbound...

3.5 CVSS, 7.6 AI score, 0.00067 EPSS
Exploits 0, References 1
NVD
added 2025/05/01 3:16 p.m., 5 views

CVE-2022-49849

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix match incorrectly in dev_args_match_device syzkaller found a failed assertion: assertion failed: args->devid != (u64)-1 || args->missing, in fs/btrfs/volumes.c:6921 This can be triggered when we set devid to (u64)-1 by ioctl. I...

5.5 CVSS, 0.00049 EPSS
Exploits 0, References 3
OSV
added 2025/04/16 2:12 p.m., 9 views

CVE-2025-22086 RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow When cur_qp isn't NULL, in order to avoid fetching the QP from the radix tree again we check if the next cqe QP is identical to the one we already have. The bug however is that we are...

5.5 CVSS, 6 AI score, 0.00026 EPSS
Exploits 0, References 14
Ubuntu
added 2025/03/26 9:20 a.m., 27 views

LSN-0110-1: Kernel Live Patch Security Notice

In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Any unprivileged user can attach N_GSM0710 ldisc, but it requires CAP_NET_ADMIN to create a GSM network anyway. Require initial namespace CAP_NET_ADMIN to do that. CVE-2023-52880 ...

7.8 CVSS, 7.6 AI score, 0.18032 EPSS
Exploits 1
Cvelist
added 2025/03/20 10:10 a.m., 12 views

CVE-2024-6844 Inconsistent CORS Matching Due to Handling of '+' in URL Path in corydolphin/flask-cors

A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquote_plus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path...

5.3 CVSS, 0.0011 EPSS
Exploits 1, References 1
Debian CVE
added 2025/03/20 10:10 a.m., 4 views

CVE-2024-6844

A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquote_plus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path...

5.3 CVSS, 5.9 AI score, 0.0011 EPSS
Exploits 1
AlpineLinux
added 2025/03/12 6:27 p.m., 19 views

CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied...

4.4 CVSS, 6.8 AI score, 0.00024 EPSS
Exploits 2
Tenable Nessus
added 2023/12/27 12:0 a.m., 30 views

NewStart CGSL MAIN 6.06 : pcre2 Vulnerability (NS-SA-2023-0079)

The remote NewStart CGSL host, running version MAIN 6.06, has pcre2 packages installed that are affected by a vulnerability: - An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath function of the pcre2_jit_compile.c file. This involves a unicode...

9.1 CVSS, 7.1 AI score, 0.00584 EPSS
Exploits 0, References 3
OpenVAS
added 2022/12/28 12:0 a.m., 8 views

Huawei EulerOS: Security Advisory for pcre2 (EulerOS-SA-2022-2868)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1 CVSS, 9.7 AI score, 0.00584 EPSS
Exploits 0, References 2
OPENSUSE Linux
added 2022/09/01 12:0 a.m., 27 views

Security update for pcre (important)

openSUSE Security Update: Security update for pcre Announcement ID: openSUSE-SU-2022:2361-1 Rating: important References: 1199232 Cross-References: CVE-2022-1586 CVSS scores: CVE-2022-1586 NVD : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-1586 SUSE: 8.6...

8.6 CVSS, 6.7 AI score, 0.00584 EPSS
Exploits 0, References 1
CVE
added 2022/04/01 10:17 p.m., 95 views

CVE-2021-28504

CVE-2021-28504 affects Arista Strata/EOS platforms with TCAM profile enabled where a port IPv4 ACL rule matching VXLAN protocol causes the rule and later ACL rules to fail matching the IP protocol field. This misbehavior can lead to improper packet handling and potential traffic leakage. Arista’s...

7.5 CVSS, 7.5 AI score, 0.00267 EPSS
Exploits 0, References 1, Affected Software 1
OSV
added 2020/12/18 1:15 a.m., 7 views

CVE-2020-28052

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different...

8.1 CVSS, 7.9 AI score, 0.04099 EPSS
Exploits 1, References 26
Google Chrome Security Advisories
added 2015/12/01 12:0 a.m., 33 views

Stable Channel Update

The Chrome team is delighted to announce the promotion of Chrome 47 to the stable channel for Windows, Mac and Linux. Chrome 47.0.2526.73 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new...

10 CVSS, 10 AI score, 0.40209 EPSS
Exploits 6, Affected Software 1
OSV
added 2013/04/12 8:0 a.m., 7 views

CURL-CVE-2013-1944 cookie domain tailmatch

libcurl is vulnerable to a cookie leak vulnerability when doing requests across domains with matching tails. When communicating over HTTPS and having libcurl's cookie engine enabled, libcurl stores and holds cookies for use when subsequent requests are done to hosts and paths that match those kep...

5 CVSS, 6.1 AI score, 0.02482 EPSS
Exploits 1
OpenVAS
added 2009/07/29 12:0 a.m., 22 views

Fedora Core 11 FEDORA-2009-7435 (perl-IO-Socket-SSL)

The remote host is missing an update to perl-IO-Socket-SSL announced via advisory FEDORA-2009-7435. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are...

4.3 CVSS, 6.4 AI score, 0.00202 EPSS
Exploits 0, References 3
Apache Httpd
added 2003/10/15 12:0 a.m., 28 views

Apache Httpd < 1.3.31 : Allow/Deny parsing on big-endian 64-bit platforms

A bug in the parsing of Allow/Deny rules using IP addresses without a netmask on big-endian 64-bit platforms causes the rules to fail to match...

7.5 CVSS, 0.6 AI score, 0.05029 EPSS
Exploits 0, Affected Software 1