18886 matches found

Tenable Nessus
added 2025/10/30 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2025-40099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cifs: parse_dfs_referrals: prevent oob on malformed input Malicious SMB server can send invalid reply to FSCTL_DFS_GET_REFERRALS - reply smaller than sizeof(struct...

AI score: 5.8 | EPSS: 0.00061
Exploits: 0 | References: 4

CNNVD
added 2025/10/30 12:0 a.m. | 3 views

Nagios XI Security Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI version 5.8.5 and versions prior to CCM 3.1.3, which stems fro...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.01409
Exploits: 0 | References: 2

NVD
added 2025/10/29 11:16 p.m. | 3 views

CVE-2025-58187

Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains...

CVSS: 7.5 | EPSS: 0.0002
Exploits: 0 | References: 5

OSV
added 2025/10/29 11:16 p.m. | 2 views

CVE-2025-58187

Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains...

CVSS: 7.5 | AI score: 6
Exploits: 0 | References: 5

Cvelist
added 2025/10/29 10:10 p.m. | 3 views

CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...

EPSS: 0.00023
Exploits: 0 | References: 4

Vulnrichment
added 2025/10/29 10:10 p.m. | 2 views

CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...

AI score: 6.5 | EPSS: 0.00023
Exploits: 0 | References: 4

Vulnrichment
added 2025/10/29 10:10 p.m. | 2 views

CVE-2025-58187 Quadratic complexity when checking name constraints in crypto/x509

Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains...

AI score: 6.3 | EPSS: 0.0002
Exploits: 0 | References: 4

Snyk
added 2025/10/29 9:51 p.m. | 1 view

Allocation of Resources Without Limits or Throttling

Overview: std/net/textproto is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: The Reader.ReadResponse function constructs a response string through repeated string...

CVSS: 6.9 | AI score: 6.9 | EPSS: 0.00023
Exploits: 0 | References: 3

OSV
added 2025/10/29 9:51 p.m. | 4 views

GO-2025-4015 Excessive CPU consumption in Reader.ReadResponse in net/textproto

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.00023
Exploits: 0 | References: 3

SUSE CVE
added 2025/10/29 12:23 a.m. | 5 views

SUSE CVE-2025-61795

Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred including exceeding limits during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to...

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.00129
Exploits: 0 | References: 12

CNVD
added 2025/10/29 12:0 a.m. | 2 views

Dell Storage Manager XML External Entity References Improperly Restricted Vulnerability

Dell Storage Manager is a centralized storage management tool from Dell that is used to manage storage devices such as SC Series, PS Series and FluidFS, providing unified monitoring, configuration and replication capabilities. An XML External Entity Reference Improper Restriction vulnerability...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00046
Exploits: 0 | References: 1

CNNVD
added 2025/10/29 12:0 a.m. | 2 views

Google Go encoding Security Vulnerability

Google Go encoding is a code library from Google, Inc. that provides multiple forms of encoding for data based on the Go language. A security vulnerability exists in Google Go encoding that stems from a non-linear correlation between processing time and input size when parsing certain invalid...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00042
Exploits: 0 | References: 5

Tenable Nessus
added 2025/10/29 12:0 a.m. | 2 views

Siemens SIMATIC Devices Improper Validation of Specified Type of Input (CVE-2024-33621)

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.0001
Exploits: 0 | References: 4

CVE
added 2025/10/28 11:48 a.m. | 11 views

CVE-2025-40046

CVE-2025-40046 concerns the Linux kernel: io_uring/zcrx may overshoot the recv limit because io_zcrx_recv_skb() double-counted desc->count when processing frag lists, leading to receiving more data than requested and underflow during recursive frag-list handling. The available connected docume...

AI score: 6.1 | EPSS: 0.00027
Exploits: 0 | References: 2

OSV
added 2025/10/28 11:48 a.m. | 3 views

CVE-2025-40046 io_uring/zcrx: fix overshooting recv limit

In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix overshooting recv limit. It's reported that sometimes a zcrx request can receive more than was requested. It's caused by io_zcrx_recv_skb() adjusting desc->count for all received buffers including frag lists, but then...

AI score: 6.5 | EPSS: 0.00027
Exploits: 0 | References: 5

Redos
added 2025/10/28 12:0 a.m. | 7 views

ROS-20251028-01

A vulnerability in the Webmin hosting control panel CGI request handler is associated with errors in processing input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code with root privileges...

CVSS: 9.9 | AI score: 7.1 | EPSS: 0.21717
Exploits: 0

Vulnrichment
added 2025/10/27 9:2 p.m. | 10 views

CVE-2025-12327 shawon100 RUET OJ description.php sql injection

A vulnerability was determined in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This issue affects some unknown processing of the file /description.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been public...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00021
Exploits: 0 | References: 3

Cvelist
added 2025/10/27 8:0 p.m. | 6 views

CVE-2025-62594 ImageMagick CLAHE : Unsigned underflow and division-by-zero lead to OOB pointer arithmetic and process crash (DoS)

ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsigned underflow...

CVSS: 4.7 | EPSS: 0.00018
Exploits: 1 | References: 2

NVD
added 2025/10/27 6:15 p.m. | 4 views

CVE-2025-61795

Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred including exceeding limits during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to...

CVSS: 5.3 | EPSS: 0.00129
Exploits: 0 | References: 3

RedHat Linux
added 2025/10/27 4:41 p.m. | 2 views

kernel: tls: fix handling of zero-length records on the rx_list

In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rx_list. Each recvmsg call must process either - only contiguous DATA records (any number of them) - one non-DATA record. If the next record has different type than what has already been...

CVSS: 7.1 | AI score: 6.7 | EPSS: 0.00013
Exploits: 1 | References: 5