CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

122 matches found

RedHat Linux•added 2026/05/15 4:17 p.m.•4 views

nginx: NGINX: Arbitrary Code Execution Vulnerability

A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...

9.2CVSS6.6AI score0.00288EPSS

Exploits35References6

Cvelist•added 2026/05/13 2:12 p.m.•24 views

CVE-2026-42946 NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability

A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control responses from an upstream...

8.3CVSS0.0007EPSS

Exploits0References1

Cvelist•added 2026/04/23 12:10 a.m.•35 views

CVE-2026-41180 PsiTransfer: Upload PATCH path traversal can create `config.<NODE_ENV>.js` and lead to code execution on restart

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In...

7.5CVSS0.00055EPSS

Exploits0References3

NCSC•added 2026/03/12 2:44 p.m.•10 views

Vulnerabilities fixed in Cisco IOS XR

Cisco has fixed vulnerabilities in Cisco IOS XR Software. The vulnerabilities are in the command-line interface CLI of Cisco IOS XR, which allows authenticated local attackers to execute arbitrary root-level commands or obtain full administrative privileges. In addition, there is a problem with t...

8.8CVSS6.1AI score0.00098EPSS

Exploits0References3

NVD•added 2026/03/11 5:16 p.m.•1 views

CVE-2026-20074

A vulnerability in the Intermediate System-to-Intermediate System IS-IS multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly. This vulnerability is due to insufficient input validation of ingre...

7.4CVSS0.0005EPSS

Exploits0References1

RedhatCVE•added 2025/12/17 8:4 p.m.•3 views

CVE-2025-8872

On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on the switch. This issue was discovered...

7.1CVSS6.8AI score0.0003EPSS

Exploits0References1

NVD•added 2025/12/16 8:15 p.m.•2 views

CVE-2025-8872

7.1CVSS0.0003EPSS

Exploits0References1

CVE•added 2025/12/16 7:32 p.m.•19 views

CVE-2025-8872

This CVE affects Arista EOS with OSPFv3 configured. A specially crafted IPv6 OSPFv3 packet can cause the ospfv3 process to have high CPU utilization, potentially restarting the process and disrupting OSPFv3 routes. The Arista advisory lists affected EOS trains: 4.34.x (4.34.1F and below), 4.33.x ...

7.1CVSS6.5AI score0.0003EPSS

Exploits0References1

CNNVD•added 2025/12/16 12:0 a.m.•2 views

Arista EOS 安全漏洞

Arista EOS is a fully programmable, highly modular, Linux-based network operating system from Arista Corporation. A security vulnerability exists in Arista EOS that stems from specially crafted packets that could lead to excessive CPU utilization of the OSFPv3 process, potentially resulting in a...

7.1CVSS6.6AI score0.0003EPSS

Exploits0References1