313 matches found

OSV
added 2025/10/29 10:12 p.m., 1 view

GHSA-PQHF-P39G-3X64 uv allows ZIP payload obfuscation through parsing differentials

Impact: In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields...

CVSS 6.8, AI score 6.2, EPSS 0.00005
Exploits 0, References 3
AlpineLinux
added 2025/10/10 10:4 p.m., 2 views

CVE-2025-61912

python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to...

CVSS 6.9, AI score 6.6, EPSS 0.00142
Exploits 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2000-0824

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.00886
Exploits 1, References 4
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-3593

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.00644
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2010-1110

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.00417
Exploits 1, References 6
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-31700

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.3, EPSS 0.00019
Exploits 0, References 5
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-35019

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.2, EPSS 0.00591
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-5023

Malicious code in bioql PyPI...

CVSS 7.8, AI score 5, EPSS 0.00953
Exploits 0, References 10
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-1994

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.3, EPSS 0.02248
Exploits 0, References 9
OSV
added 2025/10/02 2:44 p.m., 2 views

BIT-MONGODB-2024-10921 Improper neutralization of null bytes may lead to buffer over-reads in MongoDB Server

An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30, MongoDB Server v6.0 versions prior to...

CVSS 8.1, AI score 7.1, EPSS 0.00758
Exploits 0, References 2
CNNVD
added 2025/10/01 12:0 a.m., 3 views

Suricata Code Issue Vulnerability

Suricata is a network IDS, IPS and NSM engine from the Open Information Security Foundation. A code issue vulnerability exists in Suricata version 8.0.0 that stems from use of the tls.subjectaltname keyword when the decoded subjectaltname contains null bytes, which could lead to a segmentation...

CVSS 7.5, AI score 6.6, EPSS 0.00169
Exploits 1, References 4
Github Security Blog
added 2025/09/30 12:30 p.m., 5 views

@nubosoftware/node-static failure to catch exception can result in server crash

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...

CVSS 7.5, AI score 6.5, EPSS 0.00019
Exploits 0, References 6, Affected Software 1
Debian CVE
added 2025/09/30 5:0 a.m., 3 views

CVE-2025-11149

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...

CVSS 7.5, AI score 5.2, EPSS 0.00019
Exploits 0
CVE
added 2025/09/30 5:0 a.m., 15 views

CVE-2025-11149

CVE-2025-11149 affects all versions of node-static and @nubosoftware/node-static. The root issue is that the package fails to catch an exception when user input contains null bytes, allowing an attacker to access the URL http://host/%00 and cause a server crash. The connected Nessus/Red Hat/GHSA/...

CVSS 7.5, AI score 6.5, EPSS 0.00019
Exploits 0, References 3
Tenable Nessus
added 2025/09/03 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2015-7695

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The PDO adapters in Zend Framework before 1.12.16 do not filter null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via...

CVSS 9.8, AI score 8.9, EPSS 0.02248
Exploits 0, References 2
RedhatCVE
added 2025/08/18 11:27 a.m., 4 views

CVE-2025-38528

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject %p% format string in bprintf-like helpers. static const char fmt[] = "%p%"; bpf_trace_printk(fmt, sizeof(fmt)); The above BPF program isn't rejected and causes a kernel warning at runtime: Please remove unsupported %\x00 in...

CVSS 5.5, AI score 6.2, EPSS 0.00026
Exploits 0, References 4
Tenable Nessus
added 2025/08/18 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-10977

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq...

CVSS 3.7, AI score 6.5, EPSS 0.00345
Exploits 0, References 3
OSV
added 2025/08/11 1:52 p.m., 2 views

BIT-LIBPYTHON-2023-41105

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...

CVSS 7.5, AI score 8.8, EPSS 0.00334
Exploits 0, References 7
OSV
added 2025/07/29 9:17 a.m., 3 views

CLSA-2025-1753780622 php: Fix of CVE-2025-1220

CVE-2025-1220: error if host contains null bytes in the middle of the string...

CVSS 5.3, AI score 5.9, EPSS 0.00156
Exploits 1, References 1
OSV
added 2025/07/29 6:5 a.m., 2 views

CLSA-2025-1753769145 php: Fix of CVE-2025-1220

CVE-2025-1220: error if host contains null bytes in the middle of the string...

CVSS 5.3, AI score 6.5, EPSS 0.00156
Exploits 1, References 1