CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

64 matches found

OneNav v0.9.35-20240318 - Server-Side Request Forgery (SSRF)

OneNav v0.9.35-20240318 is vulnerable to server-side request forgery SSRF via the url parameter in the getlinkinfo API. An attacker can force the server to make arbitrary requests, potentially accessing internal resources. id: CVE-2024-33832 info: name: OneNav v0.9.35-20240318 - Server-Side Reque...

6.3CVSS6AI score0.0072EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 10:43 a.m.•7 views

CVE-2022-26276

An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal...

5.3CVSS6.9AI score0.01145EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•6 views

EUVD-2021-25150

Malware in sbrugna...

7.5CVSS7.5AI score0.01145EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•18 views

EUVD-2021-24611

Malware in sbrugna...

5.4CVSS5.5AI score0.01503EPSS

Exploits2References5

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-59391

Malicious code in bioql PyPI...

9.8CVSS7.7AI score0.00984EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2025-8671

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00201EPSS

Exploits1References2

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-8670

Malicious code in bioql PyPI...

5.5CVSS6.6AI score0.00184EPSS

Exploits1References2

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-30837

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.01145EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 6:24 a.m.•4 views

CVE-2024-33832

OneNav v0.9.35-20240318 was discovered to contain a Server-Side Request Forgery SSRF via the component /index.php?c=api=getlinkinfo...

6.3CVSS7.5AI score0.0072EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:23 a.m.•6 views

CVE-2023-7210

A vulnerability was found in OneNav up to 0.9.33. It has been classified as critical. This affects an unknown part of the file /index.php?c=api of the component API. The manipulation of the argument X-Token leads to improper authentication. It is possible to initiate the attack remotely. The...

9.8CVSS6.9AI score0.00984EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:8 p.m.•13 views

CVE-2021-38138

OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release...

5.4CVSS5.8AI score0.01503EPSS

Exploits2References1

RedhatCVE•added 2025/05/22 6:40 p.m.•7 views

CVE-2021-38712

OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file...

7.5CVSS6.8AI score0.01145EPSS

Exploits1References1

RedhatCVE•added 2025/03/30 1:5 a.m.•22 views

CVE-2025-28097

OneNav 1.1.0 is vulnerable to Cross Site Scripting XSS in custom headers...

5.5CVSS6.3AI score0.00184EPSS

Exploits1References1

RedhatCVE•added 2025/03/30 1:3 a.m.•26 views

CVE-2025-28096

OneNav 1.1.0 is vulnerable to Server-Side Request Forgery SSRF in custom headers...

5.4CVSS7.2AI score0.00201EPSS

Exploits1References1

NVD•added 2025/03/28 10:15 p.m.•24 views

CVE-2025-28096

OneNav 1.1.0 is vulnerable to Server-Side Request Forgery SSRF in custom headers...

5.4CVSS0.00201EPSS

Exploits1References1

NVD•added 2025/03/28 10:15 p.m.•19 views

CVE-2025-28097

OneNav 1.1.0 is vulnerable to Cross Site Scripting XSS in custom headers...

5.5CVSS0.00184EPSS

Exploits1References1

OSV•added 2025/03/28 10:15 p.m.•7 views

CVE-2025-28097

OneNav 1.1.0 is vulnerable to Cross Site Scripting XSS in custom headers...

5.5CVSS5.9AI score

Exploits0References1

OSV•added 2025/03/28 10:15 p.m.•8 views

CVE-2025-28096

OneNav 1.1.0 is vulnerable to Server-Side Request Forgery SSRF in custom headers...

5.4CVSS6.8AI score

Exploits0References1

CVE•added 2025/03/28 12:0 a.m.•62 views

CVE-2025-28096

CVE-2025-28096 affects OneNav 1.1.0. The vulnerability is Server-Side Request Forgery (SSRF) in custom headers. CVSSv3.1 base score 5.4 (MEDIUM); attack vector NETWORK; privileges required LOW; user interaction REQUIRED; impact is Confidentiality/Integrity LOW, Availability NONE. Root cause and e...

5.4CVSS7.1AI score0.00201EPSS

Exploits1References1Affected Software1