CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

OSV•added 2026/03/10 6:28 p.m.•2 views

GO-2026-4576 osctrl has Stored Cross-Site Scripting (XSS) in On-Demand Query List in github.com/jmpsec/osctrl

osctrl has Stored Cross-Site Scripting XSS in On-Demand Query List in github.com/jmpsec/osctrl...

8.7CVSS5.8AI score0.00036EPSS

Exploits0References4

OSSF Malicious Packages•added 2024/10/16 1:3 p.m.•2 views

Malicious code in media-query-list-parser (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score

Exploits0

SUSE CVE•added 2023/02/15 4:38 a.m.•1 views

SUSE CVE-2017-15227

Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on...

7.5CVSS7AI score0.00304EPSS

Exploits0References4

Prion•added 2021/10/11 8:15 a.m.•19 views

Code injection

MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. ApiQueryBacklinks action=query&list=backlinks can cause a full table scan...

5CVSS7.6AI score0.01215EPSS

Exploits0References6Affected Software2

RedHat Linux•added 2021/05/18 3:39 p.m.•2 views

python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters

The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request...

5.9CVSS6.8AI score0.00311EPSS

Exploits1References5

OSV•added 2017/10/22 8:29 p.m.•1 views

DEBIAN-CVE-2017-15227

7.5CVSS7AI score0.00304EPSS

Exploits0References1

OSV•added 2017/10/22 8:29 p.m.•2 views

ALPINE-CVE-2017-15227

7.5CVSS7AI score0.00304EPSS

Exploits0References1