CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2013-0277

Malware in sbrugna...

2.1CVSS6.1AI score0.00412EPSS

Exploits0References10

EUVD•added 2025/10/07 12:30 a.m.•0 views

EUVD-2009-4524

Malware in sbrugna...

5CVSS6.4AI score0.0047EPSS

Exploits0References6

Vulnrichment•added 2025/10/06 8:8 a.m.•2 views

CVE-2025-59728 Heap-buffer-overflow write in FFmpeg MDASH resolve_content_path

When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below 0, it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is...

8.7CVSS6.7AI score0.00019EPSS

Exploits0References1

Drupal•added 2025/05/21 12:0 a.m.•7 views

Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-065

This module provides a block to easily display a rendered node. Access to the rendered node isn't validated before rendering the block. Allowing access to node content for users that would normally not be allowed to access the node...

5.3CVSS6.6AI score0.00264EPSS

Exploits0References2

Github Security Blog•added 2023/04/26 3:30 p.m.•14 views

Access bypass in Drupal core

Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual...

5.4CVSS6AI score0.00129EPSS

Exploits0References3Affected Software1

OSV•added 2023/01/31 10:15 a.m.•11 views

CVE-2023-0591

ubireaderextractfiles is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory provided the process has write access to that file or directory. This is due to the fact that a node name...

5.5CVSS5.5AI score

Exploits0References2

OSV•added 2018/05/17 2:29 p.m.•1 views

ALPINE-CVE-2018-7159

The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...

5.3CVSS8.8AI score0.00902EPSS

Exploits0References1

UbuntuCve•added 2013/07/16 6:55 p.m.•23 views

CVE-2013-0245

The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to node that are part of a book outline, which allows remote authenticated users with the "access printer-friendly version" permission to read node titles...

2.1CVSS5.9AI score0.00412EPSS

Exploits0References3

NVD•added 2013/01/03 1:55 a.m.•12 views

CVE-2012-5654

The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the 1 description,...

4.3CVSS6.3AI score0.00283EPSS

Exploits0References3

Prion•added 2013/01/03 1:55 a.m.•6 views

Design/Logic Flaw

4.3CVSS6.8AI score0.00283EPSS

Exploits0References3Affected Software1

Drupal•added 2009/04/29 12:0 a.m.•10 views

SA-CONTRIB-2009-023 - News Page - SQL injection

The News Page module provides a node content type which displays feed items from an aggregator category, filtered by keywords entered into the 'Include Words' field of the node. Unfortunately the News Page module uses keywords directly in SQL queries without being sanitized, allowing SQL injectio...

8.1AI score

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by