
8307 matches found

CNNVD
added 2025/05/05 12:0 a.m. | 4 views

HCL BigFix Compliance Security Vulnerability

HCL BigFix Compliance is a product from HCL India that continuously monitors and applies endpoint security settings to ensure compliance with regulatory or organizational security policies. A security vulnerability exists in HCL BigFix Compliance that stems from missing or improper SameSite attributes,...

5.4 CVSS | 6.5 AI score | 0.00173 EPSS
Exploits 0 | References 1

OSV
added 2025/05/02 10:15 p.m. | 0 views

DEBIAN-CVE-2022-21546

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITESAME No Data Buffer crash. In newer versions of the SBC specs, we have an NDOB bit that indicates there is no data buffer that gets written out. If this bit is set using commands like "sgwritesame --ndob" we...

7.8 CVSS | 6.6 AI score | 0.00032 EPSS
Exploits 0 | References 1

OSV
added 2025/05/02 10:15 p.m. | 0 views

UBUNTU-CVE-2022-21546

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITESAME No Data Buffer crash. In newer versions of the SBC specs, we have an NDOB bit that indicates there is no data buffer that gets written out. If this bit is set using commands like "sgwritesame --ndob" we...

8.7 CVSS | 6.7 AI score | 0.00032 EPSS
Exploits 0 | References 16

GithubExploit
added 2025/04/30 1:53 p.m. | 325 views

Exploit for Cross-Site Request Forgery (CSRF) in Nosurf_Project Nosurf

CVE-2025-46721: CSRF...

6.1 CVSS | 9.2 AI score | 0.00044 EPSS
Exploits 2

OSV
added 2025/04/29 3:15 a.m. | 1 views

CVE-2025-24271

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An unauthenticated user on the same network as a signed-in Mac could send it...

5.4 CVSS | 5.9 AI score
Exploits 0 | References 7

Snyk
added 2025/04/25 3:9 p.m. | 1 views

Improper Ownership Management

Overview: Affected versions of this package are vulnerable to Improper Ownership Management for projects, whose namespace defaults to being the project name, regardless of cluster. A user with permission to create a project can escalate privileges to those of a user who owns a project by the same...

9 CVSS | 7 AI score | 0.00712 EPSS
Exploits 0 | References 2

Snyk
added 2025/04/25 3:9 p.m. | 1 views

Improper Ownership Management

Overview: Affected versions of this package are vulnerable to Improper Ownership Management for projects, whose namespace defaults to being the project name, regardless of cluster. A user with permission to create a project can escalate privileges to those of a user who owns a project by the same...

9 CVSS | 7 AI score | 0.00712 EPSS
Exploits 0 | References 2

Snyk
added 2025/04/25 3:9 p.m. | 1 views

Improper Ownership Management

Overview: Affected versions of this package are vulnerable to Improper Ownership Management for projects, whose namespace defaults to being the project name, regardless of cluster. A user with permission to create a project can escalate privileges to those of a user who owns a project by the same...

9 CVSS | 7 AI score | 0.00712 EPSS
Exploits 0 | References 2

Snyk
added 2025/04/25 3:9 p.m. | 2 views

Improper Ownership Management

Overview: Affected versions of this package are vulnerable to Improper Ownership Management for projects, whose namespace defaults to being the project name, regardless of cluster. A user with permission to create a project can escalate privileges to those of a user who owns a project by the same...

9 CVSS | 7 AI score | 0.00712 EPSS
Exploits 0 | References 2

Snyk
added 2025/04/25 3:9 p.m. | 2 views

Improper Ownership Management

Overview: github.com/rancher/rancher/pkg/apis/management.cattle.io/v3 is a complete container management platform. Affected versions of this package are vulnerable to Improper Ownership Management for projects, whose namespace defaults to being the project name, regardless of cluster. A user with...

9 CVSS | 7 AI score | 0.00712 EPSS
Exploits 0 | References 2

SUSE CVE
added 2025/04/20 11:26 p.m. | 4 views

SUSE CVE-2016-5196

The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HT...

8.8 CVSS | 6.5 AI score | 0.00617 EPSS
Exploits 0 | References 3

Packet Storm News
added 2025/04/18 12:0 a.m. | 3 views

Breaking ECDSA with Two Affinely Related Nonces

The security of the Elliptic Curve Digital Signature Algorithm (ECDSA) depends on the uniqueness and secrecy of the nonce, which is used in each signature. While it is well understood that nonce $k$ reuse across two distinct messages can leak the private key, we show that even if a distinct value i...

6.9 AI score
Exploits 0

SUSE CVE
added 2025/04/16 2:36 a.m. | 2 views

SUSE CVE-2025-24358

gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. It executes its validation of the Referer header for cross-origin requests only when it believes...

5.3 CVSS | 6.2 AI score | 0.00063 EPSS
Exploits 0 | References 4

OSV
added 2025/04/15 7:16 p.m. | 0 views

UBUNTU-CVE-2025-24358

gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. It executes its validation of the Referer header for cross-origin requests only when it believes...

6 CVSS | 5.8 AI score | 0.00063 EPSS
Exploits 0 | References 4

Snyk
added 2025/04/14 3:26 p.m. | 3 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to a lack of checks for Referer origin headers. By inspecting the r.URL.Scheme value, a user who can inject scripts can perform authenticated form submissions that bypass intended origin checks. The...

6 CVSS | 6.8 AI score | 0.00063 EPSS
Exploits 0 | References 2

Exploit DB
added 2025/04/11 12:0 a.m. | 236 views

ABB Cylon FLXeon 9.3.4 - Cross-Site Request Forgery

Exploit title: ABB Cylon FLXeon 9.3.4 Limited Cross-Site Request Forgery Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series Firmware: =9.3.4 Summary: BACnet® Smart Building...

7.4 AI score
Exploits 0

OSV
added 2025/04/10 12:15 p.m. | 2 views

CVE-2025-32754

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version to use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SS...

9.1 CVSS | 5.8 AI score | 0.00162 EPSS
Exploits 0 | References 1

RedHat Linux
added 2025/04/10 1:6 a.m. | 4 views

golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header redirected to b.com/ will not send that header to b.com. However, the...

6.1 CVSS | 7.2 AI score | 0.00142 EPSS
Exploits 0 | References 6

SUSE CVE
added 2025/04/02 1:29 p.m. | 1 views

SUSE CVE-2025-3071

Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

5.4 CVSS | 6.5 AI score | 0.00014 EPSS
Exploits 0 | References 4

OSV
added 2025/04/02 1:15 a.m. | 1 views

DEBIAN-CVE-2025-3071

Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

5.4 CVSS | 5.9 AI score | 0.00014 EPSS
Exploits 0 | References 1