
1276 matches found

CVE
added 2025/11/05 3:7 p.m., 22 views

CVE-2025-64458

CVE-2025-64458 is a Django IIS/Windows-specific DoS caused by slow NFKC normalization in Python, affecting HttpResponseRedirect, HttpResponsePermanentRedirect, and django.shortcuts.redirect. Affected Django releases: 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. IBM and EU/PC bullet...

CVSS 7.5 | AI score 6.5 | EPSS 0.00026
Exploits 1 | References 3 | Affected Software 1

Positive Technologies
added 2025/11/05 12:0 a.m., 5 views

PT-2025-45118

Name of the Vulnerable Software and Affected Versions Django versions prior to 4.2.26 Django versions prior to 5.1.14 Django versions prior to 5.2.8 Django versions 5.0.x and earlier Django versions 4.1.x and earlier Django versions 3.2.x and earlier Description The issue relates to algorithmic...

CVSS 9.1 | AI score 7.6 | EPSS 0.00296
Exploits 11 | References 37

CNNVD
added 2025/11/05 12:0 a.m., 6 views

Django security vulnerability

Django is a set of open source web application frameworks based on the Python language from the Django Foundation. The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in Django version 5.1 up to and including version 5.1.14,...

CVSS 7.5 | AI score 7.4 | EPSS 0.00026
Exploits 1 | References 3

Debian CVE
added 2025/11/03 12:0 a.m., 4 views

CVE-2024-51317

An issue in NetSurf v.3.11 allows a remote attacker to execute arbitrary code via the dom_node_normalize function...

CVSS 6.5 | AI score 6 | EPSS 0.00163
Exploits 1

SUSE CVE
added 2025/10/29 12:23 a.m., 7 views

SUSE CVE-2025-55752

Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the...

CVSS 7.5 | AI score 8 | EPSS 0.00274
Exploits 4 | References 16

GithubExploit
added 2025/10/28 5:49 p.m., 233 views

Exploit for CVE-2025-55752

🚨🚨 CVE-2025-55752 — Apache Tomcat: Directory-protection bypass v...

CVSS 7.5 | AI score 8.4 | EPSS 0.00274
Exploits 4

RedhatCVE
added 2025/10/28 1:41 p.m., 8 views

CVE-2025-55752

A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If...

CVSS 7.5 | AI score 7.1 | EPSS 0.00274
Exploits 4 | References 5

Snyk
added 2025/10/27 6:31 p.m., 8 views

Relative Path Traversal

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Relative Path Traversal via the URL normalization. An attacker can bypass security constraints and access restricted directories suc...

CVSS 7.7 | AI score 9 | EPSS 0.00274
Exploits 4 | References 2

Snyk
added 2025/10/27 6:31 p.m., 12 views

Relative Path Traversal

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Relative Path Traversal via the URL normalization. An attacker can bypass security constraints and access restricted directories such as /WEB-INF/ and /META-INF/...

CVSS 7.7 | AI score 9.1 | EPSS 0.00274
Exploits 4 | References 2

OSV
added 2025/10/27 6:15 p.m., 6 views

CVE-2025-55752

Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the...

CVSS 7.5 | AI score 7.8 | EPSS 0.00274
Exploits 4 | References 4

Positive Technologies
added 2025/10/23 12:0 a.m., 2 views

PT-2025-43461

Name of the Vulnerable Software and Affected Versions affected versions not specified Description A flaw exists where a file path filter designed to restrict access to sensitive directories can be bypassed due to incorrect unicode normalization. This could allow a local user to gain elevated...

CVSS 7.8 | AI score 6.1 | EPSS 0.00003
Exploits 0 | References 7

Debian
added 2025/10/22 5:0 p.m., 5 views

[SECURITY] [DLA 4343-1] raptor2 security update

Debian LTS Advisory DLA-4343-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz October 22, 2025 https://wiki.debian.org/LTS -...

CVSS 9.3 | AI score 7.3 | EPSS 0.0004
Exploits 2

OSV
added 2025/10/18 12:0 p.m., 3 views

RUSTSEC-2025-0082 `unic-normal` is unmaintained

All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives - icu_normalizer - unicode-normalization...

AI score 7
Exploits 0 | References 3

RustSec
added 2025/10/18 12:0 p.m., 5 views

`unic-ucd-hangul` is unmaintained

All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives - icu_normalizer - unicode-normalization...

AI score 7
Exploits 0

RustSec
added 2025/10/18 12:0 p.m., 5 views

`unic-normal` is unmaintained

All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives - icu_normalizer - unicode-normalization...

AI score 7
Exploits 0

OSV
added 2025/10/18 12:0 p.m., 1 view

RUSTSEC-2025-0079 `unic-ucd-hangul` is unmaintained

All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives - icu_normalizer - unicode-normalization...

AI score 7
Exploits 0 | References 3

SUSE Linux
added 2025/10/07 11:33 a.m., 3 views

Security update for rubygem-puma

This update for rubygem-puma fixes the following issues: Update to version 5.6.9. CVE-2024-45614: improper header normalization allows for clients to clobber proxy set headers, which can lead to information leaks bsc1230848, fixed in an earlier update. CVE-2024-21647: unbounded resource consumpti...

CVSS 7.3 | AI score 6.8 | EPSS 0.0246
Exploits 0 | References 12

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2016-3149

Malware in sbrugna...

CVSS 5.4 | AI score 5.7 | EPSS 0.00394
Exploits 0 | References 8

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-19543

Malware in sbrugna...

CVSS 8.6 | AI score 8.3 | EPSS 0.00035
Exploits 0 | References 7

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-8504

Malware in sbrugna...

CVSS 5.3 | AI score 6.8 | EPSS 0.00429
Exploits 0 | References 6