CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

61 matches found

Alibaba Cloud Linux 3 : 0137: nginx (ALINUX3-SA-2026:0137)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0137 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-41741: NGINX Open Source before...

8.8CVSS6.2AI score0.00851EPSS

Exploits2References7

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в golang-1.19

The net/http HTTP/1.1 client mishandled the situation where a server responds to a request with an “Expect: 100-continue” header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, causing the next request sent on that connection to...

7.5CVSS6.8AI score0.01018EPSS

Exploits0References2

Google Chrome Security Advisories•added 2026/04/15 12:0 a.m.•10 views

Stable Channel Update for Desktop

The Stable channel has been updated to 147.0.7727.101/102 for Windows/Mac and 147.0.7727.101 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Note: Access to bug details and links may be kept...

9.6CVSS6AI score0.00056EPSS

Exploits0Affected Software1

Positive Technologies•added 2026/04/07 12:0 a.m.•1 views

PT-2026-31022

Name of the Vulnerable Software and Affected Versions xdg-dbus-proxy versions prior to 0.1.7 Description xdg-dbus-proxy is a filtering proxy for D-Bus connections. A policy parser issue allows bypassing eavesdrop restrictions. The proxy incorrectly handles variations in the 'eavesdrop' policy rul...

6.8CVSS5.8AI score0.00009EPSS

Exploits0References28

Hacker One•added 2026/04/05 6:17 a.m.•10 views

curl: no_proxy IDN mismatch: Unicode hostnames bypass proxy exclusion list

Summary Unicode IDN hostnames in noproxy are never converted to punycode before comparison, so they never match the request hostname which curl has already converted to punycode. A user who types noproxy="bücher.de" and requests http://bücher.de/ expects the proxy to be bypassed. Instead curl...

7.5CVSS6.6AI score0.00048EPSS

Exploits1

EUVD•added 2026/04/01 9:30 p.m.•1 views

EUVD-2026-18027

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive...

5.3CVSS5.9AI score0.00015EPSS

Exploits0References2

CVE•added 2026/04/01 8:41 p.m.•5 views

CVE-2026-2862

CVE-2026-2862 : IBM security products IBM Verify Identity Access Container (11.0–11.0.2) and IBM Security Verify Access Container (10.0–10.0.9.1) are affected by an issue where an inconsistent interpretation of an HTTP request by a reverse proxy could allow a remote attacker to access sensitive i...

5.3CVSS5.9AI score0.00015EPSS

Exploits0References1Affected Software4

Vulnrichment•added 2026/04/01 8:41 p.m.•0 views

CVE-2026-2862 Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

5.3CVSS5.9AI score0.00015EPSS

Exploits0References1

Tenable Nessus•added 2026/01/20 12:0 a.m.•2 views

MiracleLinux 9 : grafana-pcp-3.2.0-3.el9 (AXSA:2023-4824:01)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4824:01 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: io/fs: stack exhaustion in Glob CVE-2022-30630 golang:...

7.5CVSS7.1AI score0.00159EPSS

Exploits2References7

OSV•added 2025/12/02 1:21 a.m.•1 views

GHSA-VJR8-56P3-FMQQ Keycloak unable to restrict access to the admin console

A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the /admin application path relative to...

3.7CVSS5.8AI score0.00014EPSS

Exploits0References7

RedHat Linux•added 2025/11/20 8:5 a.m.•4 views

python-kdcproxy: Unauthenticated SSRF via Realm‑Controlled DNS SRV

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

8.6CVSS5.9AI score0.00076EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-0858

Malware in sbrugna...

7.5CVSS7.5AI score0.00236EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-1600

Malware in sbrugna...

8.1CVSS7.9AI score0.00577EPSS

Exploits0References9