CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

35 matches found

OSV•added 2025/12/03 11:44 a.m.•2 views

BIT-NGINX-GATEWAY-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.4CVSS6.9AI score0.00615EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-6804

Malicious code in bioql PyPI...

8.6CVSS7.8AI score0.00272EPSS

Exploits0References6

Tenable Nessus•added 2024/07/16 12:0 a.m.•41 views

RHEL 9 : nginx (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication...

7.8CVSS8.4AI score0.00851EPSS

Exploits2References3

Veracode•added 2024/02/19 3:11 p.m.•14 views

HTTP Header Injection

github.com/greenpau/caddy-security is vulnerable to HTTP Header Injection. The vulnerability is due the handling of the X-Forwarded-Proto header, specifically when redirecting to the injected protocol. Exploiting this vulnerability could lead to the bypass of security mechanisms or TLS protocol...

4.3CVSS4.7AI score0.00026EPSS

Exploits0References2Affected Software1

Code423n4•added 2023/03/07 12:0 a.m.•13 views

Ethos stil using LUSD (not ERN) will lead to confusion and ambiguity of the protocol resulting uncountable risk for the project

Lines of code Vulnerability details Impact Ethos stil using LUSD not ERN will lead to confusion and ambiguity of the protocol resulting uncountable risk for the project Proof of Concept Ethos is a fork project of Liquity with additional changes, supporting multi collateral tokens. There are some...

6.8AI score

Exploits0

OSV•added 2022/09/30 4:37 a.m.•30 views

GHSA-FPGF-PJJV-2QGM matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion

Impact An attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability...

8.6CVSS7.8AI score0.00272EPSS

Exploits0References6

Github Security Blog•added 2022/09/30 4:37 a.m.•29 views

matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion

8.6CVSS7.1AI score0.00272EPSS

Exploits0References6Affected Software1

OSV•added 2022/09/30 12:41 a.m.•22 views

GHSA-R48R-J8FX-MQ2C matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion

8.6CVSS8AI score0.00278EPSS

Exploits0References7

Github Security Blog•added 2022/09/30 12:41 a.m.•24 views

matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion

8.6CVSS7.8AI score0.00278EPSS

Exploits0References7Affected Software1

Veracode•added 2022/09/29 6:54 a.m.•16 views

Cross-site Scripting (XSS)

Matrix Android SDK 2 is vulnerable to cross-site scripting.The vulnerability exists in multiple functions in MXMegolmDecryption.kt due to a protocol confusion in order to send fake to-device messages which allows an attacker to inject the key backup secret during a self-verification...

8.6CVSS7.1AI score0.00272EPSS

Exploits0References4Affected Software1

Prion•added 2022/09/28 9:15 p.m.•16 views

Type confusion

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

5CVSS7.2AI score0.00249EPSS

Exploits0References4Affected Software1

Cvelist•added 2022/09/28 8:35 p.m.•14 views

CVE-2022-39255 Matrix iOS SDK vulnerable ton Olm/Megolm protocol confusion

8.6CVSS8.5AI score0.00249EPSS

Exploits0References4

Vulnrichment•added 2022/09/28 8:35 p.m.•8 views

CVE-2022-39255 Matrix iOS SDK vulnerable ton Olm/Megolm protocol confusion

8.6CVSS8.3AI score0.00249EPSS

Exploits0References4

CVE•added 2022/09/28 8:35 p.m.•75 views

CVE-2022-39255

Summary (CVE-2022-39255): The Matrix iOS SDK (prior to 0.23.19) is vulnerable to protocol confusion between Megolm and Olm for to-device messages. An attacker collaborating with a malicious homeserver can craft messages that appear to come from another user, enabling impersonation and targeted at...

8.6CVSS7.5AI score0.00249EPSS

Exploits0References4Affected Software1

NVD•added 2022/09/28 8:15 p.m.•8 views

CVE-2022-39251

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS0.00278EPSS

Exploits0References5

OSV•added 2022/09/28 8:15 p.m.•1 views

DEBIAN-CVE-2022-39251

7.5CVSS7.5AI score0.00278EPSS

Exploits0References1

NVD•added 2022/09/28 8:15 p.m.•13 views

CVE-2022-39248

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

8.6CVSS0.00272EPSS

Exploits0References4