
28 matches found

Cvelist
added 2026/06/09 11:50 p.m., 37 views

CVE-2026-47838 Unauthorized User Impersonation when Using X.509 Client Certificates

SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7....

CVSS 6.8, EPSS 0.00116
Exploits 0, References 1

CVE
added 2026/05/12 9:51 p.m., 14 views

CVE-2026-42545

Granian is a Rust HTTP server for Python applications. Vulnerable from 0.2.0 up to 2.7.4, where the WSGI response conversion path uses .unwrap() on header name and value constructors; malformed headers trigger a worker process abort instead of handling the error. This results in a Denial of Servi...

CVSS 5.9, AI score 5.8, EPSS 0.00222
Exploits 0, References 1

Vulnrichment
added 2026/05/11 6:6 p.m., 5 views

CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cow_cookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs...

CVSS 2.1, AI score 6, EPSS 0.00145
Exploits 0, References 3

AstraLinux
added 2026/05/03 11:59 p.m., 6 views

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 has an improper restriction on write operations within the bounds of a memory buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...

CVSS 9.8, AI score 7.6, EPSS 0.02959
Exploits 1, References 1

NVD
added 2026/03/29 5:16 p.m., 4 views

CVE-2026-34005

In Sofia on Xiongmai DVR/NVR AHB7008T-MH-V2 and NBD7024H-P 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol TCP port 34567 request to the NetWork.NetCommon configuration handler, because system is used...

CVSS 8.8, EPSS 0.01539
Exploits 0, References 2

EUVD
added 2026/01/15 12:0 a.m., 5 views

EUVD-2026-2707

A Stored Cross-Site Scripting (XSS) vulnerability in the web management interface of the Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to execute arbitrary scripts via a crafted payload, due to an unsanitized repeater AP SSID value when it is displayed in any page at...

CVSS 5.4, AI score 5.2, EPSS 0.0023
Exploits 1, References 3

Positive Technologies
added 2025/12/15 12:0 a.m., 3 views

PT-2025-51231

NetSupport Manager 14.12.0001 contains an unauthenticated SQL injection vulnerability in its Connectivity Server/Gateway HTTPS request handling. The server evaluates request URIs using an unsanitized SQLite query against the FileLinks table in gateway.db. By injecting SQL through the LinkName/URI...

CVSS 8.7, AI score 7.9, EPSS 0.0034
Exploits 0, References 3

CVE
added 2025/11/24 12:0 a.m., 19 views

CVE-2025-65494

CVE-2025-65494 affects libcoap (notably libcoap 4.3.5 and Fedora 4.3.5a packages). It stems from a NULL pointer dereference in get_san_or_cn_from_cert() inside src/coap_openssl.c, which can be triggered by a crafted X.509 certificate and may cause a denial of service. The vulnerability is reporte...

CVSS 7.5, AI score 6.3, EPSS 0.00211
Exploits 0, References 2, Affected Software 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-10989

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.00668
Exploits 1, References 2

RedhatCVE
added 2025/05/23 2:32 a.m., 4 views

CVE-2023-1172

The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

CVSS 7.2, AI score 5.9, EPSS 0.00464
Exploits 0, References 1

RedhatCVE
added 2025/05/22 12:40 p.m., 3 views

CVE-2010-3750

rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly validate file contents that are used during interaction with a heap buffer, which allows remote attackers to execute arbitrary code via crafted Name Value...

CVSS 9.3, AI score 7.9, EPSS 0.05995
Exploits 0, References 1

Cvelist
added 2025/04/15 8:12 p.m., 7 views

CVE-2025-30511 Growatt Cloud Applications Cross-site Scripting

An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant...

CVSS 8.8, EPSS 0.00314
Exploits 0, References 1

SUSE CVE
added 2023/02/15 4:34 a.m., 3 views

SUSE CVE-2017-1000494

Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact...

CVSS 7.8, AI score 7.5, EPSS 0.00466
Exploits 1, References 3

SUSE CVE
added 2023/02/15 3:52 a.m., 2 views

SUSE CVE-2020-28022

Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...

CVSS 9.8, AI score 8, EPSS 0.02959
Exploits 1, References 6

OSV
added 2021/05/06 1:15 p.m., 20 views

CVE-2020-28022

Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...

CVSS 9.8, AI score 9.5, EPSS 0.02959
Exploits 1, References 1

OSV
added 2021/05/06 1:15 p.m., 1 view

DEBIAN-CVE-2020-28022

Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...

CVSS 9.8, AI score 7.6, EPSS 0.02959
Exploits 1, References 1

Cvelist
added 2021/05/06 4:20 a.m., 18 views

CVE-2020-28022

Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...

AI score 9.5, EPSS 0.02959
Exploits 1, References 1

Debian CVE
added 2021/05/06 4:20 a.m., 31 views

CVE-2020-28022

Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...

CVSS 9.8, AI score 8.1, EPSS 0.02959
Exploits 1

OSV
added 2021/05/04 1:30 p.m., 2 views

UBUNTU-CVE-2020-28022

Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...

CVSS 9.8, AI score 7, EPSS 0.02959
Exploits 1, References 4

OSV
added 2018/01/14 4:29 a.m., 2 views

CVE-2018-5691

SonicWall Global Management System (GMS) 8.1 has XSS via the newName and Name values of the /sgms/TreeControl module...

CVSS 5.4, AI score 5.8, EPSS 0.00722
Exploits 3, References 3