34 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-2322

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.3 · EPSS 0.04428
Exploits: 0 · References: 14
RedhatCVE
added 2025/08/30 6:21 p.m. · 2 views

CVE-2025-50985

diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting (XSS) flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q (query), and doctype are directly echoed into the HTML response, allowing attackers to inject and...

CVSS 5.6 · AI score 6.6 · EPSS 0.00082
Exploits: 1 · References: 1
OSV
added 2025/08/27 3:15 p.m. · 1 views

CVE-2025-50985

diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting (XSS) flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q (query), and doctype are directly echoed into the HTML response, allowing attackers to inject and...

CVSS 5.6 · AI score 5.9 · EPSS 0.00082
Exploits: 1 · References: 1
Tenable Nessus
added 2025/08/18 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-3653

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the...

CVSS 5.3 · AI score 6.4 · EPSS 0.04428
Exploits: 0 · References: 2
RedHat Linux
added 2024/08/08 5:23 p.m. · 1 views

undertow: LearningPushHandler can lead to remote memory DoS attacks

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

CVSS 5.3 · AI score 5.7 · EPSS 0.04428
Exploits: 0 · References: 4
OSV
added 2024/07/09 12:31 a.m. · 10 views

GHSA-CH7Q-GPFF-H9HP Undertow Missing Release of Memory after Effective Lifetime vulnerability

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

CVSS 6.3 · AI score 5.9 · EPSS 0.04428
Exploits: 0 · References: 14
OSV
added 2024/07/08 10:15 p.m. · 2 views

DEBIAN-CVE-2024-3653

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

CVSS 5.3 · AI score 6.1 · EPSS 0.04428
Exploits: 0 · References: 1
OSV
added 2024/07/08 10:15 p.m. · 13 views

CVE-2024-3653

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

CVSS 5.3 · AI score 6.5 · EPSS 0.04428
Exploits: 0 · References: 9
NVD
added 2024/07/08 10:15 p.m. · 17 views

CVE-2024-3653

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

CVSS 5.3 · EPSS 0.04428
Exploits: 0 · References: 9
UbuntuCve
added 2024/07/08 10:15 p.m. · 10 views

CVE-2024-3653

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

CVSS 5.3 · AI score 6.7 · EPSS 0.04428
Exploits: 0 · References: 4
OSV
added 2024/07/08 10:15 p.m. · 0 views

UBUNTU-CVE-2024-3653

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

CVSS 5.3 · AI score 7.1 · EPSS 0.04428
Exploits: 0 · References: 5
Cvelist
added 2024/07/08 9:21 p.m. · 30 views

CVE-2024-3653 Undertow: learningpushhandler can lead to remote memory dos attacks

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

CVSS 5.3 · EPSS 0.04428
Exploits: 0 · References: 8
Debian CVE
added 2024/07/08 9:21 p.m. · 9 views

CVE-2024-3653

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

CVSS 5.3 · AI score 6.3 · EPSS 0.04428
Exploits: 0
CVE
added 2024/07/08 9:21 p.m. · 99 views

CVE-2024-3653

CVE-2024-3653 affects Undertow. The vulnerability arises when learning-push handler is enabled in server config (disabled by default); if maxAge is left at its default -1, the handler becomes vulnerable. An attacker with network access can reach the server with a normal HTTP request to exploit th...

CVSS 5.3 · AI score 5.2 · EPSS 0.04428
Exploits: 0 · References: 9
RedhatCVE
added 2024/07/08 9:20 p.m. · 21 views

CVE-2024-3653

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

CVSS 5.3 · AI score 6.7 · EPSS 0.04428
Exploits: 0 · References: 3
Positive Technologies
added 2024/07/08 12:0 a.m. · 1 views

PT-2024-27050 · Undertow · Undertow

Name of the Vulnerable Software and Affected Versions: Undertow affected versions not specified Description: A vulnerability was found in Undertow, which requires the learning-push handler to be enabled in the server's config. By default, this handler is disabled. If enabled and the maxAge config...

CVSS 6.3 · AI score 8 · EPSS 0.04428
Exploits: 0 · References: 24
CVE
added 2024/05/21 8:26 p.m. · 48 views

CVE-2024-35220

Summary: CVE-2024-35220 affects the @fastify/session plugin for Fastify. When restoring a cookie from the session store, the expires field is overridden if maxAge is set, causing expired cookies/sessions to not be destroyed. The issue is fixed in version 10.8.0; affected users should upgrade to 1...

CVSS 7.4 · AI score 7.4 · EPSS 0.00351
Exploits: 0 · References: 3
OSV
added 2024/05/21 8:26 p.m. · 12 views

CVE-2024-35220 @fastify/session reuses destroyed session cookie

@fastify/session is a session plugin for fastify. Requires the @fastify/cookie plugin. When restoring the cookie from the session store, the expires field is overridden if the maxAge field was set. This means a cookie is never correctly detected as expired and thus expired sessions are not...

CVSS 7.4 · AI score 7.2 · EPSS 0.00351
Exploits: 0 · References: 5
Akamai Blog
added 2021/06/23 2:0 p.m. · 32 views

Targeted Cache Control

Content delivery networks (CDNs) have been around and have evolved over a long time in internet years. They all speak HTTP and you can safely rely on them to work with just about anything else that speaks HTTP. This is the beauty of standards -- HTTP in this case. What you cannot count on is there...

AI score 7.2
Exploits: 0
Github Security Blog
added 2019/07/05 9:7 p.m. · 25 views

Denial of Service in mem

Versions of mem prior to 4.0.0 are vulnerable to Denial of Service (DoS). The package fails to remove old values from the cache even after a value passes its maxAge property. This may allow attackers to exhaust the system's memory if they are able to abuse the application logging. Recommendation...

AI score 5.6
Exploits: 0 · References: 5 · Affected Software: 1