CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

26 matches found

CVE-2026-40516

OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the webfetch and websearch tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an...

8.3CVSS5.5AI score0.00034EPSS

Exploits1References1

NVD•added 2026/05/14 4:16 p.m.•5 views

CVE-2026-42596

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticated attacker can supply URLs such as...

9.4CVSS0.00084EPSS

Exploits1References1

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в ruby2.5, jruby

A issue was discovered in Ruby between versions 2.6.7, 2.7.x up to 2.7.3, and 3.x up to 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a specified IP address and port. This potentially allows curl to extract information about services that would...

5.8CVSS6.7AI score0.00668EPSS

Exploits1References2

ATTACKERKB•added 2026/04/17 4:2 p.m.•2 views

CVE-2026-40516

8.3CVSS5.8AI score0.00034EPSS

Exploits1References4

Positive Technologies•added 2026/04/17 12:0 a.m.•2 views

PT-2026-33464

Name of the Vulnerable Software and Affected Versions OpenHarness versions prior to commit bd4df81 Description An issue exists in the 'web fetch' and 'web search' tools where target addresses are not properly validated. This allows attackers to manipulate tool parameters to access private and...

8.3CVSS5.8AI score0.00034EPSS

Exploits1References6

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-15844

Malware in sbrugna...

7.7CVSS8.4AI score0.00175EPSS

Exploits0References3

OSV•added 2024/03/06 11:5 a.m.•30 views

BIT-RUBY-2021-31810

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise...

5.8CVSS6.5AI score0.00668EPSS

Exploits1References9

SUSE CVE•added 2023/02/15 4:1 a.m.•1 views

SUSE CVE-2020-8284

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...

4.3CVSS9.3AI score0.00083EPSS

Exploits0References140

SUSE CVE•added 2023/02/15 3:41 a.m.•0 views

SUSE CVE-2021-31810

7.5CVSS6.6AI score0.00668EPSS

Exploits1References35

NVD•added 2021/12/23 8:15 p.m.•15 views

CVE-2021-4024

A flaw was found in podman. The podman machine function used to create and manage Podman virtual machine containing a Podman process spawns a gvproxy process on the host system. The gvproxy API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall...

6.5CVSS0.00095EPSS

Exploits1References3

OSV•added 2021/07/13 1:15 p.m.•2 views

ALPINE-CVE-2021-31810

5.8CVSS6.8AI score0.00668EPSS

Exploits1References1

OSV•added 2021/07/13 1:15 p.m.•0 views

UBUNTU-CVE-2021-31810

5.8CVSS6.4AI score0.00668EPSS

Exploits1References6

RubySec•added 2021/07/13 12:0 a.m.•3 views

Trusting FTP PASV responses vulnerability in Net::FTP

5.8CVSS7AI score0.00668EPSS

Exploits1References1Affected Software1

CNVD•added 2021/07/12 12:0 a.m.•35 views

Ruby Information Disclosure Vulnerability (CNVD-2021-59129)

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Yukihiro Matsumoto, a personal developer, and is vulnerable to information disclosure that could be exploited by attackers to extract information about other private and undisclosed services...

5.8CVSS3AI score0.00668EPSS

Exploits1References1

RedHat Linux•added 2021/05/18 3:28 p.m.•2 views

curl: FTP PASV command response can cause curl to connect to arbitrary host

A malicious server can use the PASV response to trick curl into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. If cu...

4.3CVSS6.8AI score0.00083EPSS

Exploits0References5

Microsoft CVE•added 2020/12/16 8:0 a.m.•1 views

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port and this way potentially make curl extract information about services that are otherwise private and not disclosed for example doing port scanning and service banner extractions.

...

4.3CVSS9.3AI score0.00083EPSS

Exploits0

OSV•added 2020/12/14 8:15 p.m.•2 views

ALPINE-CVE-2020-8284

3.7CVSS6.6AI score0.00083EPSS

Exploits0References1

OSV•added 2020/12/09 8:0 a.m.•1 views

UBUNTU-CVE-2020-8284

3.7CVSS6.8AI score0.00083EPSS

Exploits0References5

OSV•added 2019/03/21 4:0 p.m.•1 views

DEBIAN-CVE-2018-4058

An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that...

7.7CVSS8.3AI score0.00175EPSS

Exploits0References1

OSV•added 2019/03/21 4:0 p.m.•8 views

CVE-2018-4058

7.7CVSS9.3AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by