CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

51 matches found

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в maven

Apache Maven will no longer follow repositories that are defined in a dependency’s Project Object Model pom, which may be surprising to some users. This change introduces potential risks if a malicious actor takes control of such repositories or gains access to pretend to be those repositories...

9.1CVSS6.7AI score0.46101EPSS

Exploits2References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2015-0906

Malware in sbrugna...

5.9CVSS5.9AI score0.00115EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-3296

Malware in sbrugna...

6.1CVSS6.3AI score0.01664EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2015-3051

Malware in sbrugna...

5.9CVSS5.8AI score0.00115EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-3193

Malware in sbrugna...

5.9CVSS5.9AI score0.0133EPSS

Exploits1References5

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-5839

Malicious code in bioql PyPI...

4.3CVSS9.3AI score0.00425EPSS

Exploits0References7

RedhatCVE•added 2025/05/22 1:22 a.m.•5 views

CVE-2015-2968

LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM man-in-the-middle attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM man-in-the-middle attacker...

5.9CVSS6.5AI score0.00115EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 12:39 a.m.•6 views

CVE-2015-0897

LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM man-in-the-middle attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM man-in-the-middle attacker...

5.9CVSS6.5AI score0.00115EPSS

Exploits0References1

IBM Security Bulletins•added 2024/08/21 5:33 p.m.•30 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a remote attack due to Apache Maven (CVE-2021-26291)

Summary UPDATE 21 AUGUST 2024: This fix has been updated. Please download and install the fix dated 21 August 2024. The IBM Integration Bus for z/OS toolkit is vulnerable to a remote attack due to Apache Maven. This bulletin identifies the steps to take to address the vulnerability. Vulnerability...

9.1CVSS9.2AI score0.46101EPSS

Exploits2Affected Software1

NVD•added 2023/10/31 10:15 a.m.•13 views

CVE-2015-0897

5.9CVSS5.5AI score0.00115EPSS

Exploits0References2

NVD•added 2023/10/31 10:15 a.m.•7 views

CVE-2015-2968

5.9CVSS5.5AI score0.00115EPSS

Exploits0References2

Prion•added 2023/10/31 10:15 a.m.•13 views

Code injection

2.6CVSS6.7AI score0.00115EPSS

Exploits0References2Affected Software1

Cvelist•added 2023/10/31 9:28 a.m.•12 views

CVE-2015-0897

5.4AI score0.00115EPSS

Exploits0References2

F5 Networks•added 2023/02/21 6:3 p.m.•14 views

K21942600: A virtual server with a Client SSL profile may accept non-SSL traffic

Security Advisory Description A Client SSL profile using a cipher group and an option that modifies supported ciphers for example no-dtls or no-ssl accepts plain text connections, in addition to correctly handling SSL traffic. This issue occurs when all of the following conditions are met: A...

6.8AI score

Exploits0

OSV•added 2021/04/23 3:15 p.m.•32 views

CVE-2021-26291

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model pom which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository...

9.1CVSS6.3AI score0.46101EPSS

Exploits2References43

Prion•added 2021/04/23 3:15 p.m.•25 views

Design/Logic Flaw

6.4CVSS8.8AI score0.46101EPSS

Exploits2References44Affected Software4

CVE•added 2021/04/23 2:20 p.m.•282 views

CVE-2021-26291

CVE-2021-26291: Apache Maven could allow a remote attacker to bypass security restrictions by default non-SSL (http) repository references. Affected IBM/Bundled deployments cite this vulnerability and provide remediation paths, including upgrading Maven-driven components to versions that include ...

9.1CVSS8.2AI score0.46101EPSS

Exploits2References43Affected Software1

Debian CVE•added 2021/04/23 2:20 p.m.•33 views

CVE-2021-26291

9.1CVSS7.6AI score0.46101EPSS

Exploits2

Kitploit•added 2019/12/05 8:30 p.m.•97 views

CORStest - A Simple CORS Misconfiguration Scanner

A simple CORSmisconfiguration scanner Based on theresearch of James Kettle CORStest is a quick & dirty Python 2 tool to find Cross-Origin Resource Sharing CORS misconfigurations. It takes a text file as input which may contain a list of domain names or URLs. Currently, the following potential...

6.4AI score

Exploits0References1

NVD•added 2019/07/02 9:15 p.m.•10 views

CVE-2017-11578

It was discovered as a part of the research on IoT devices in the most recent firmware for Blipcare device that the device allows to connect to web management interface on a non-SSL connection using plain text HTTP protocol. The user uses the web management interface of the device to provide the...

5.9CVSS5.8AI score0.0133EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by