15 matches found

NVD
added 2026/05/11 6:16 p.m.

CVE-2026-42860

The Open edX Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the syncproviderdata endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadatasource. An authenticated user with the Enterprise Admin ro...

CVSS 8.5, EPSS 0.00012
Exploits: 1, References: 1
Positive Technologies
added 2026/05/05 12:00 a.m.

PT-2026-37284

Name of the vulnerable software and affected versions: Open edX Enterprise Service versions 7.0.2 through 7.0.4. Description: An authenticated user with the Enterprise Admin role can trigger a server-side HTTP request. By using the 'SAMLProviderConfigViewSet' PATCH endpoint, a user can set the...

CVSS 8.5, AI score 5.9, EPSS 0.00012
Exploits: 1, References: 4
CNNVD
added 2026/04/03 12:00 a.m.

PraisonAI security vulnerability

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.90 contained security vulnerabilities. These vulnerabilities stemmed from the MCPToolIndex.search_tools function directly compiling the string provided by the caller into...

CVSS 7.5, AI score 5.8, EPSS 0.00018
Exploits: 1, References: 1
GitHub Security Blog
added 2026/04/01 11:21 p.m.

PraisonAI Has ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()

Summary: MCPToolIndex.search_tools compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete...

CVSS 7.5, AI score 5.9, EPSS 0.00018
Exploits: 1, References: 3, Affected software: 1
Positive Technologies
added 2026/04/01 12:00 a.m.

PT-2026-29826

Summary: MCPToolIndex.search_tools compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete...

CVSS 6.5, AI score 5.9, EPSS 0.00018
Exploits: 1, References: 4
CNNVD
added 2026/03/06 12:00 a.m.

melange code issue vulnerability

Melange is software developed by Chainguard for building APKs from source code. Versions of Melange prior to 0.40.5 have code vulnerabilities. This vulnerability arises from the fact that the melange update-cache process downloads URIs in the build configuration using io.Copy without size limit...

CVSS 4.3, AI score 7.4, EPSS 0.00049
Exploits: 0, References: 2
Cvelist
added 2025/09/03 12:00 a.m.

CVE-2025-52494

AdaCore Ada Web Server (AWS) before 25.2 is vulnerable to a denial-of-service (DoS) condition due to improper handling of SSL handshakes during connection initialization. When a client initiates an HTTPS connection, the server performs the SSL handshake before assigning the connection to a processing...

EPSS 0.00102
Exploits: 0, References: 2
Snyk
added 2025/03/20 12:32 p.m.

Synchronous Access of Remote Resource without Timeout

Overview: Affected versions of this package are vulnerable to Synchronous Access of Remote Resource without Timeout via the typeahead endpoint due to a lacking timeout when checking that a specified resource exists. An attacker can cause the application to block and become unresponsive to other...

CVSS 8.7, AI score 6.9, EPSS 0.00247
Exploits: 1, References: 2
SUSE CVE
added 2023/02/15 5:50 a.m.

SUSE CVE-2011-4137

The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with...

CVSS 5, AI score 8.5, EPSS 0.0188
Exploits: 0, References: 3
SUSE CVE
added 2023/02/15 5:32 a.m.

SUSE CVE-2014-0231

The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor...

CVSS 5, AI score 8.7, EPSS 0.44151
Exploits: 1, References: 8
Veracode
added 2017/05/03 6:19 a.m.

Brute Force Attacks

github.com/TykTechnologies/tyk is vulnerable to brute force attacks. The library does not have any timeout configured, allowing a malicious user to have numerous retries to brute force the password for an account...

AI score 6.8
Exploits: 0
RedHat Linux
added 2016/04/05 8:37 p.m.

EAP: HTTPS NIO connector uses no timeout when reading SSL handshake from client

A read-timeout flaw was found in the HTTPS NIO Connector handling of SSL handshakes. A remote, unauthenticated attacker could create a socket and cause a thread to remain occupied indefinitely so long as the socket remained open (denial of service)...

CVSS 7.5, AI score 7.1, EPSS 0.01813
Exploits: 0, References: 4
OSV
added 2007/01/29 5:28 p.m.

DEBIAN-CVE-2007-0539

The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint...

CVSS 7.8, AI score 6.8, EPSS 0.0138
Exploits: 0, References: 1
securityvulns
added 2002/10/29 12:00 a.m.

MDaemon DoS

The server allows only one connection, and that connection is never closed on a timeout. In addition, there is a buffer overflow in IMAP...

AI score 0.5
Exploits: 0, References: 2, Affected software: 1
securityvulns
added 2001/07/31 12:00 a.m.

DoS against Mathematica

The license manager supports only one client connection and has no timeout...

AI score 0.7
Exploits: 0, References: 1, Affected software: 1