
418 matches found

GithubExploit
added 2026/05/27 1:16 a.m. | 65 views

Exploit for Deserialization of Untrusted Data in Drupal

CVE-2019-6340 — Drupal RESTful Web Services RCE Python imple...

CVSS 8.1 | AI score 8 | EPSS 0.9441
Exploits 22
GithubExploit
added 2026/05/21 4:24 a.m. | 54 views

psqli

psqli Powerful Automatic SQL injection Tools Pack Fast...

AI score 5.8
Exploits 0
ATTACKERKB
added 2026/04/24 2:40 a.m. | 1 views

CVE-2026-41317

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). press.api.account.create_api_secret is prone to CSRF-like exploits. This endpoint writes to the database and is also accessible via the GET method. The patch in commit...

CVSS 8.7 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 3
EUVD
added 2026/04/24 2:40 a.m. | 3 views

EUVD-2026-25386

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). press.api.account.create_api_secret is prone to CSRF-like exploits. This endpoint writes to the database and is also accessible via the GET method. The patch in commit...

CVSS 8.7 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 2
CVE
added 2026/04/24 2:40 a.m. | 6 views

CVE-2026-41317

The CVE concerns Press, a Frappe-based app, where the API endpoint press.api.account.create_api_secret is vulnerable to CSRF-like exploits. The issue stems from the endpoint accepting unsafe HTTP methods (GET) and writing to the database, enabling unauthorized actions without user interaction. A ...

CVSS 8.7 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 2 | Affected Software 1
EUVD
added 2026/03/04 6:31 p.m. | 3 views

EUVD-2025-208284

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the goform/formAdvFirewall component...

AI score 6.1 | EPSS 0.00134
Exploits 1 | References 4
Veracode
added 2026/01/15 12:5 p.m. | 4 views

Denial Of Service (DoS)

aiohttp is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper handling of crafted requests in the Request.post method, which allows an attacker to exhaust server memory and freeze the AIOHTTP server during request processing...

CVSS 8.7 | AI score 7 | EPSS 0.00058
Exploits 0 | References 3 | Affected Software 2
RedhatCVE
added 2026/01/09 9:16 a.m. | 4 views

CVE-2025-40695

Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, which consists of a stored authenticated XSS due to the lack of proper validation of the user inputs 'remark', 'status' and 'takeaction' parameters via POST at the endpoint '/ofrs/admin/request-details.php'. This...

CVSS 5.4 | AI score 5.5 | EPSS 0.00048
Exploits 0 | References 1
RedhatCVE
added 2026/01/06 7:27 a.m. | 3 views

CVE-2025-69227

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for Python. A remote attacker could exploit this vulnerability by sending a specially crafted POST request to an application using the Request.post method, provided that Python optimizations are enabled. This could lead to ...

CVSS 8.7 | AI score 6.4 | EPSS 0.00026
Exploits 0 | References 5
Vulnrichment
added 2026/01/05 11:30 p.m. | 1 views

CVE-2025-69228 AIOHTTP vulnerable to denial of service through large payloads

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server's memory fills up uncontrollably during processing. If an application includes a handler that uses the Request.post method, ...

CVSS 8.7 | AI score 6.3 | EPSS 0.00058
Exploits 0 | References 2
AlpineLinux
added 2026/01/05 11:19 p.m. | 2 views

CVE-2025-69227

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled (-O or PYTHONOPTIMIZE=1), and the...

CVSS 8.7 | AI score 7 | EPSS 0.00026
Exploits 0
OSV
added 2026/01/05 11:10 p.m. | 0 views

GHSA-JJ3X-WXRX-4X23 AIOHTTP vulnerable to DoS when bypassing asserts

Summary: When assert statements are bypassed, an infinite loop can occur, resulting in a DoS attack when processing a POST body. Impact: If optimisations are enabled (-O or PYTHONOPTIMIZE=1), and the application includes a handler that uses the Request.post method, then an attacker may be able to...

CVSS 8.7 | AI score 7.2 | EPSS 0.00026
Exploits 0 | References 4
Positive Technologies
added 2026/01/05 12:0 a.m. | 1 views

PT-2026-1354

Name of the Vulnerable Software and Affected Versions: AIOHTTP versions 3.13.2 and below. Description: AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below are susceptible to a denial of service condition. An attacker can craft a request that caus...

CVSS 8.7 | AI score 6.7 | EPSS 0.00058
Exploits 0 | References 12
Positive Technologies
added 2026/01/05 12:0 a.m. | 2 views

PT-2026-1353

Name of the Vulnerable Software and Affected Versions: AIOHTTP versions 3.13.2 and below. Description: AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, is susceptible to a denial-of-service (DoS) attack. When optimizations are enabled using -O or PYTHONOPTIMIZE=1, and an...

CVSS 8.7 | AI score 6.6 | EPSS 0.00026
Exploits 0 | References 11
RedhatCVE
added 2025/12/09 12:29 p.m. | 2 views

CVE-2025-42616

Some endpoints in vulnerability-lookup that modified application state (e.g. changing database entries, user data, configurations, or other privileged actions) may have been accessible via HTTP GET requests without requiring a CSRF token. This flaw leaves the application vulnerable to Cross-Site...

CVSS 7 | AI score 7 | EPSS 0.00025
Exploits 0 | References 1
EUVD
added 2025/11/04 1:15 p.m. | 2 views

EUVD-2025-37752

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id' and 'idsociedad' in '/api/buscarEmpresaById.php'...

CVSS 8.7 | AI score 6.2 | EPSS 0.00048
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-16633

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.00263
Exploits 0 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2020-13086

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.00614
Exploits 1 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-4604

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.0029
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2004-0741

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00747
Exploits 0 | References 4