947 matches found
GHSA-CXQ7-XW9V-RCV3 vulnerabilities
Vulnerabilities for packages: skopeo-fips, nodetaint, falcoctl, mongodb-kubernetes-operator-fips, kubernetes-csi-external-attacher-fips, prometheus-node-exporter, pvc-autoresizer, protoc-gen-go-grpc, glow, vgpu-util, maru, falco-exporter-fips, stern, secrets-store-csi-driver, timescaledb-tune,...
GHSA-9GCR-GP5F-JW27 vulnerabilities
Vulnerabilities for packages: skopeo-fips, falcoctl, mongodb-kubernetes-operator-fips, kubernetes-csi-external-attacher-fips, prometheus-node-exporter, pvc-autoresizer, protoc-gen-go-grpc, glow, vgpu-util, maru, falco-exporter-fips, stern, secrets-store-csi-driver, timescaledb-tune, localstack,...
GHSA-447V-2QG4-H8HC vulnerabilities
Vulnerabilities for packages: skopeo-fips, nodetaint, falcoctl, mongodb-kubernetes-operator-fips, kubernetes-csi-external-attacher-fips, prometheus-node-exporter, pvc-autoresizer, glow, vgpu-util, maru, falco-exporter-fips, stern, secrets-store-csi-driver, timescaledb-tune, localstack, go-license...
CVE-2025-50739
iib0011 omni-tools v0.4.0 is vulnerable to remote code execution via unsafe JSON deserialization...
CVE-2025-58185 Parsing DER payload can cause memory exhaustion in encoding/asn1
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion...
GO-2025-4011 Parsing DER payload can cause memory exhaustion in encoding/asn1
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion...
CVE-2025-11447 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads...
GHSA-G46H-2RQ9-GW5M OpenBao has potential Denial of Service vulnerability when processing malicious unauthenticated JSON requests
Summary: JSON objects after decoding might use more memory than their serialized version. It is possible to tune a JSON to maximize the factor between serialized memory usage and deserialized memory usage similar to a zip bomb. While reproducing the issue, we could reach a factor of about 35. This...
D-Link Nuclias Connect security vulnerability
D-Link Nuclias Connect is network management software from D-Link for centralized management of wireless access points (APs), supporting multi-device remote control and reporting capabilities. D-Link Nuclias Connect suffers from an observable response difference vulnerability that stems from the...
Dell BSAFE Crypto-C GetIndefiniteElementLen stack overflow vulnerability
Talos Vulnerability Report TALOS-2025-2142 Dell BSAFE Crypto-C GetIndefiniteElementLen stack overflow vulnerability October 16, 2025 CVE Number None SUMMARY A stack overflow vulnerability exists in the GetIndefiniteElementLen functionality of Dell BSAFE Crypto-C xxx. A specially crafted ASN.1...
CVE-2025-54858
When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End o...
SUSE SLES15 Security Update : haproxy (SUSE-SU-2025:03589-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03589-1 advisory. - CVE-2025-11230: Fixed issue in the mjson JSON decoder, that could have led to excessive resource consumption when processing numbers with large...
RLSA-2025:17119 Moderate: perl-JSON-XS security update
This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C. Security Fixes: JSON-XS: integer buffer overflow causing a segfault when parsing crafted JSON (CVE-2025-40928) For...
EUVD-2007-5752
Malware in sbrugna...
EUVD-2007-2376
Malware in sbrugna...
EUVD-2007-2374
Malware in sbrugna...
EUVD-2008-1325
Malware in sbrugna...
EUVD-2010-1254
Malware in sbrugna...
EUVD-2023-1882
Malicious code in bioql PyPI...
EUVD-2025-25708
Malicious code in bioql PyPI...