165 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-3438

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00807
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-25941

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00134
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-2465

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 5.6 | EPSS 0.00237
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-4611

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.04145
Exploits: 0 | References: 9

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-24211

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 8.5 | EPSS 0.07124
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-44206

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 8 | EPSS 0.00159
Exploits: 0 | References: 22

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-42282

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 5.5 | EPSS 0.00128
Exploits: 3 | References: 3

Tenable Nessus
added 2025/09/17 12:0 a.m. | 2 views

RHEL 9 : mysql:8.4 (RHSA-2025:16046)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:16046 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and...

CVSS 6.8 | AI score 6.5 | EPSS 0.01044
Exploits: 1 | References: 105

OSV
added 2025/07/29 1:40 p.m. | 8 views

RLSA-2025:4263 Moderate: php:8.1 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929); php: Single byte overread with convert.quoted-printable-decode filter (CVE-2024-11233); php: Configuring ...

CVSS 5.8 | AI score 8 | EPSS 0.01153
Exploits: 5 | References: 9

F5 Networks
added 2025/07/22 10:51 p.m. | 6 views

K000152676: Golang net vulnerabilities CVE-2023-45290 and CVE-2024-24784

Security Advisory Description: CVE-2023-45290: When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the memory consumed while...

CVSS 7.5 | AI score 6.7 | EPSS 0.02017
Exploits: 0

OpenVAS
added 2025/07/17 12:0 a.m. | 3 views

aiohttp < 3.12.14 HTTP Request Smuggling Vulnerability - Windows

aiohttp is prone to an HTTP request smuggling vulnerability.

CVSS 7.5 | AI score 6.3 | EPSS 0.00424
Exploits: 0 | References: 1

Vulnrichment
added 2025/07/14 8:17 p.m. | 4 views

CVE-2025-53643 AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed, i.e. without the...

CVSS 6.3 | AI score 6.5 | EPSS 0.00424
Exploits: 0 | References: 2

Github Security Blog
added 2025/07/14 7:33 p.m. | 5 views

AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections

Summary: The Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. Impact: If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execu...

CVSS 7.5 | AI score 6.6 | EPSS 0.00424
Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2025/06/23 12:0 a.m. | 1 view

HTACG HTML Tidy security vulnerability

HTACG HTML Tidy is an open source HTML tool from the HTML Tidy Advocacy Community Group. A security vulnerability exists in HTACG HTML Tidy version 5.8.0, which stems from a reachable assertion issue in the prvTidyParseNamespace function in the src/parser.c file...

CVSS 4.8 | AI score 4.1 | EPSS 0.00061
Exploits: 0 | References: 6

RedhatCVE
added 2025/05/23 9:42 a.m. | 5 views

CVE-2024-23904

Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file syst...

CVSS 7.5 | AI score 7 | EPSS 0.00133
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:25 a.m. | 9 views

CVE-2024-46935

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Attackers who craft messages with specific characters may crash the workspace due to an issue in the message parser...

CVSS 7.5 | AI score 6.7 | EPSS 0.00126
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 7:37 p.m. | 5 views

CVE-2021-30020

In the function gf_hevc_read_pps_bs_internal in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop in which, with a crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_width), which results in a heap overflow in the loop...

CVSS 5.5 | AI score 7.1 | EPSS 0.00265
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 4:51 p.m. | 6 views

CVE-2020-8437

The bencoding parser in BitTorrent uTorrent through 3.5.5 build 45505 misparses nested bencoded dictionaries, which allows a remote attacker to cause a denial of service...

CVSS 7.5 | AI score 7 | EPSS 0.18159
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 7:13 a.m. | 6 views

CVE-2017-1000416

axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year 1950 of UTCTime being misinterpreted as 2050...

CVSS 5.3 | AI score 6.9 | EPSS 0.00294
Exploits: 0 | References: 1

OSV
added 2025/05/19 2:15 a.m. | 5 views

CVE-2025-23167

A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by...

AI score 6.9
Exploits: 0 | References: 1