CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm News•added 2025/05/19 12:0 a.m.•6 views

An Automated Blackbox Noncompliance Checker for QUIC Server Implementations

We develop QUICtester, an automated approach for uncovering non-compliant behaviors in the ratified QUIC protocol implementations RFC 9000/9001. QUICtester leverages active automata learning to abstract the behavior of a QUIC implementation into a finite state machine FSM representation. Unlike...

Drupal•added 2025/05/14 12:0 a.m.•4 views

Advanced File Destination - Critical - Multiple vulnerabilities - SA-CONTRIB-2025-057

The Advanced File Destination module enhances file upload management in Drupal by allowing users to choose and create custom directories during file uploads. The module has multiple vulnerabilities that were reported through the Drupal Security Team's coordinated vulnerability process. The projec...

5.6AI score

Exploits0References1

Snyk•added 2025/03/13 5:47 a.m.•1 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the xengineVerify method in EdDSAEngine.java, which does not comply with RFC 8032 specifications for signature maleability. An attacker can create new valid signatures different from...

7.5CVSS6.9AI score0.00028EPSS

Tenable Nessus•added 2025/03/05 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2022-49639

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add READONCE to avoid data-races...

4.7CVSS6.6AI score0.0003EPSS

Exploits0References3

Positive Technologies•added 2025/01/01 12:0 a.m.•2 views

PT-2025-2327 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The issue is related to a rejected CVE record due to non-compliance with CNA rules, as it has not been used. No further details are provided abo...

Positive Technologies•added 2025/01/01 12:0 a.m.•2 views

PT-2025-2334 · Undefined · Undefined

Positive Technologies•added 2025/01/01 12:0 a.m.•1 views

PT-2025-2332 · Undefined · Undefined

Positive Technologies•added 2025/01/01 12:0 a.m.•2 views

PT-2025-2318 · Undefined · Undefined

CNNVD•added 2024/07/05 12:0 a.m.•1 views

Certifi Data Forgery Issue Vulnerability

Certifi is a Python SSL certificate from the Certifi open source. A data forgery vulnerability exists in versions of Certifi prior to 2024.07.04, which stems from a compliance issue that recognizes root certificates from GLOBALTRUST...

7.5CVSS7AI score0.26297EPSS

Exploits0References6

Microsoft CVE•added 2023/03/13 7:0 a.m.•2 views

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90

...

7.8CVSS7.6AI score0.00067EPSS

SUSE CVE•added 2023/03/10 4:2 a.m.•0 views

SUSE CVE-2023-27985

7.8CVSS7AI score0.00067EPSS

Exploits0References3

Positive Technologies•added 2023/01/01 12:0 a.m.•2 views

PT-2023-14362 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The record for this issue has been rejected due to non-compliance with CNA rules, as it has not been used. The information is available via the...

Positive Technologies•added 2023/01/01 12:0 a.m.•3 views

PT-2023-14369 · Undefined · Undefined

Positive Technologies•added 2023/01/01 12:0 a.m.•2 views

PT-2023-14351 · Undefined · Undefined

Positive Technologies•added 2023/01/01 12:0 a.m.•2 views

PT-2023-14359 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The record has been rejected due to non-compliance with CNA rules as it has not been used. The information is available via the National...

Positive Technologies•added 2023/01/01 12:0 a.m.•1 views

PT-2023-14355 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The record was rejected due to non-compliance with CNA rules as it has not been used. The information is available via the National Vulnerabilit...

Positive Technologies•added 2023/01/01 12:0 a.m.•3 views

PT-2023-14363 · Undefined · Undefined

Malwarebytes•added 2022/08/24 12:0 p.m.•18 views

Twitter security under scrutiny after former executive turns whistleblower

A former Twitter executive has acted as a whistleblower and alleged some serious problems. Provided these accusations are true, the disclosure shows a side of Twitter that poses a threat to its own users' personal information, to company shareholders, to national security, and to democracy...

6.8AI score