
70 matches found

RedhatCVE
added 2025/08/23 5:15 p.m. | 2 views

CVE-2025-43754

Username enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows attackers to determine if an account exists in the...

CVSS 6.9 | AI score 6.3 | EPSS 0.00078
Exploits: 0 | References: 1

OSV
added 2025/08/21 6:31 p.m. | 2 views

GHSA-X7P4-V8MJ-6FXX Liferay Portal Username Enumeration Vulnerability

Username enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows attackers to determine if an account exists in the...

CVSS 6.9 | AI score 7.1 | EPSS 0.00078
Exploits: 0 | References: 23

OSV
added 2025/08/21 6:15 p.m. | 2 views

CVE-2025-43754

Username enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows attackers to determine if an account exists in the...

CVSS 5.3 | AI score 5.8 | EPSS 0.00078
Exploits: 0 | References: 1

Veracode
added 2025/03/28 10:13 a.m. | 9 views

Denial Of Service (DoS)

aim is vulnerable to Denial of Service (DoS). The vulnerability is due to inefficient handling of large Text object queries due to excessive processing time when multiple objects are requested simultaneously, causing the server to become unresponsive...

CVSS 7.5 | AI score 7.1 | EPSS 0.00442
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2025/02/05 7:39 a.m. | 4 views

CVE-2024-23837

LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46...

CVSS 7.5 | AI score 6.5 | EPSS 0.00269
Exploits: 1 | References: 1

Tenable Nessus
added 2024/09/10 12:0 a.m. | 16 views

EulerOS 2.0 SP12 : python-idna (EulerOS-SA-2024-2355)

According to the versions of the python-idna package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises...

CVSS 7.5 | AI score 6.7 | EPSS 0.00689
Exploits: 1 | References: 2

RedHat Linux
added 2024/08/15 8:11 p.m. | 4 views

jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression

A flaw was found in jose4j. A remote attacker can exploit this by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. This...

CVSS 7.5 | AI score 5.8 | EPSS 0.00021
Exploits: 1 | References: 5

RedHat Linux
added 2024/08/15 8:7 p.m. | 3 views

jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression

A flaw was found in jose4j. A remote attacker can exploit this by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. This...

CVSS 7.5 | AI score 5.8 | EPSS 0.00021
Exploits: 1 | References: 5

OSV
added 2024/07/07 6:15 p.m. | 1 views

DEBIAN-CVE-2024-3651

A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...

CVSS 7.5 | AI score 6.5 | EPSS 0.00689
Exploits: 1 | References: 1

OSV
added 2024/07/07 6:15 p.m. | 34 views

CVE-2024-3651

A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...

CVSS 7.5 | AI score 6.5
Exploits: 0 | References: 7

OSV
added 2024/07/07 6:15 p.m. | 0 views

AZL-43204 CVE-2024-3651 affecting package python-idna for versions less than 3.7-1

A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...

CVSS 7.5 | AI score 6.7 | EPSS 0.00689
Exploits: 1 | References: 1

OSV
added 2024/06/04 3:11 a.m. | 5 views

OPENSUSE-SU-2024:0150-1 Security update for libhtp

This update for libhtp fixes the following issues: - CVE-2024-23837: excessive processing time of HTTP headers can lead to denial of service boo1220403...

CVSS 7.5 | AI score 6.6 | EPSS 0.00269
Exploits: 1 | References: 3

OSV
added 2024/05/20 7:46 p.m. | 20 views

GO-2024-2632 JWX vulnerable to a denial of service attack using compressed JWE message in github.com/lestrrat-go/jwx

An attacker with a trusted public key may cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the recipient, it results in significant memory allocation and processing time duri...

CVSS 6.8 | AI score 6.6 | EPSS 0.0015
Exploits: 1 | References: 5

RedHat Linux
added 2024/04/30 1:36 p.m. | 2 views

python-jwcrypto: malicious JWE token can cause denial of service

An uncontrolled resource consumption vulnerability was found in python-jwcrypto. If a malicious JWE token with a high compression ratio is passed to the server, the server will consume a lot of memory and processing time, leading to a denial of service...

CVSS 6.8 | AI score 7.1 | EPSS 0.00381
Exploits: 1 | References: 6

UbuntuCve
added 2024/03/21 2:52 a.m. | 20 views

CVE-2024-28102

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...

CVSS 6.8 | AI score 6.7 | EPSS 0.00381
Exploits: 1 | References: 3

Prion
added 2024/03/14 10:53 p.m. | 47 views

Code injection

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...

AI score 6.9 | EPSS 0.00381
Exploits: 1 | References: 2 | Affected Software: 1

CNVD
added 2024/03/14 12:0 a.m. | 8 views

LibHTP Denial of Service Vulnerability

LibHTP is a security-aware parser. The product is mainly used for HTTP protocols, among others. A denial of service vulnerability exists in LibHTP prior to version 0.5.46. The vulnerability stems from failure to properly process incoming error messages, which can be exploited by an attacker to...

CVSS 7.5 | AI score 6.5 | EPSS 0.00269
Exploits: 1 | References: 1

OSV
added 2024/03/08 3:6 p.m. | 23 views

GHSA-HJ3V-M684-V259 JWX vulnerable to a denial of service attack using compressed JWE message

Summary: This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the recipient, it results in significant memory...

CVSS 6.8 | AI score 7.4 | EPSS 0.0015
Exploits: 1 | References: 7

Debian CVE
added 2024/03/06 9:9 p.m. | 29 views

CVE-2024-28102

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...

CVSS 6.8 | AI score 5.3 | EPSS 0.00381
Exploits: 1

Cvelist
added 2024/03/06 9:9 p.m. | 25 views

CVE-2024-28102 JWCrypto vulnerable to JWT bomb Attack in `deserialize` function

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...

CVSS 6.8 | AI score 6.5 | EPSS 0.00381
Exploits: 1 | References: 2