
20 matches found

Microsoft CVE
added 2026/03/17 8:2 a.m., 2 views

OpenSSL TLS 1.3 server may choose unexpected key agreement group

...

CVSS 6.5, AI score 5.9, EPSS 0.00023
Exploits: 0
OSV
added 2026/02/24 4:30 p.m., 1 view

CVE-2026-27589 Caddy vulnerable to cross-origin config application via local admin API /load (caddy)

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the local caddy admin API (default listen 127.0.0.1:2019) exposes a state-changing POST /load endpoint that replaces the entire running configuration. When origin enforcement is not enabled enforceorigin not...

CVSS 8.2, AI score 5.5, EPSS 0.00027
Exploits: 1, References: 6
Snyk
added 2026/01/07 6:30 p.m., 3 views

Improper Validation of Syntactic Correctness of Input

Overview: io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input of the request's Host header. An attacker can manipulate server behavior, potentially leading to cache...

CVSS 9.6, AI score 6, EPSS 0.0005
Exploits: 0, References: 2
Positive Technologies
added 2025/11/18 12:0 a.m., 2 views

PT-2026-2535

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the Linux kernel’s Network File System daemon (NFSD) related to handling Access Control Lists (ACLs) during NFSv4 file creation. Specifically, when an NFSv4 client attempt...

CVSS 6, AI score 5.4, EPSS 0.00068
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-33579

Malicious code in bioql PyPI...

CVSS 7.3, AI score 6.2, EPSS 0.00558
Exploits: 0, References: 15
RedHat Linux
added 2025/07/23 3:25 p.m., 3 views

wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)

A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server...

CVSS 7.3, AI score 5.8, EPSS 0.00558
Exploits: 0, References: 4
RedHat Linux
added 2025/07/14 4:21 p.m., 3 views

wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)

A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server...

CVSS 7.3, AI score 5.8, EPSS 0.00558
Exploits: 0, References: 4
RedHat Linux
added 2025/07/14 3:56 p.m., 1 view

wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)

A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server...

CVSS 7.3, AI score 5.8, EPSS 0.00558
Exploits: 0, References: 4
Rapid7 Blog
added 2025/05/30 6:8 p.m., 22 views

Metasploit Wrap-Up 05/30/2025

The internet is a series of Tube SOCKS: Metasploit has supported SOCKS proxies for years now, being able to act as both a client by setting the Proxies datastore option and a server by running the auxiliary/server/socksproxy module. While Metasploit has supported both SOCKS versions 4a and 5,...

CVSS 9.8, AI score 8.8, EPSS 0.85362
Exploits: 12
RedHat Linux
added 2025/03/03 11:6 a.m., 2 views

wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)

A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server...

CVSS 7.3, AI score 5.8, EPSS 0.00558
Exploits: 0, References: 4
OSV
added 2024/12/23 8:15 p.m., 9 views

GHSA-64GP-R758-8PFM Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment

A vulnerability was found in the WildFly management console. A user may perform cross-site scripting in the deployment system. An attacker or insider may execute a malicious payload which could trigger an undesired behavior against the server. Impact: Cross-site scripting (XSS) vulnerability in the...

CVSS 6.9, AI score 6
Exploits: 0, References: 4
OSV
added 2024/10/22 2:15 p.m., 1 view

CVE-2024-10234

A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server...

CVSS 7.3, AI score 5.4, EPSS 0.00558
Exploits: 0, References: 14
RedHat Linux
added 2023/10/19 7:9 p.m., 1 view

jetty: Improper validation of HTTP/1 content-length

A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in an HTTP/1 header field, which is non-standard and more permissive than the RFC. This issue could allow an attacker to perform request smuggling in conjunction with a server that does not close connections after 400...

CVSS 5.3, AI score 7.1, EPSS 0.04575
Exploits: 0, References: 6
OSV
added 2023/08/15 8:8 p.m., 16 views

GHSA-XVHG-W6QC-M3QQ Yaklang Plugin's Fuzztag Component Allows Unauthorized Local File Reading

Impact: The Yak Engine has been found to contain a local file inclusion (LFI) vulnerability. This vulnerability allows attackers to include files from the server's local file system through the web application. When exploited, this can lead to the unintended exposure of sensitive data, potential...

CVSS 7.5, AI score 7.1, EPSS 0.0021
Exploits: 0, References: 6
Prion
added 2023/08/14 8:15 p.m., 14 views

Remote code execution

yaklang is a programming language designed for cybersecurity. The Yak Engine has been found to contain a local file inclusion (LFI) vulnerability. This vulnerability allows attackers to include files from the server's local file system through the web application. When exploited, this can lead to t...

CVSS 5, AI score 7.7, EPSS 0.0021
Exploits: 0, References: 3, Affected Software: 1
Check Point Advisories
added 2022/07/28 12:0 a.m., 0 views

HTTP Payload CRLF Injection

A CRLF Injection over HTTP payload vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. Successful exploitation would allow an attacker to change the server's behavior...

AI score 2.7
Exploits: 0
Cvelist
added 2016/09/18 1:0 a.m., 13 views

CVE-2016-0923

The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server...

AI score 7.5, EPSS 0.00578
Exploits: 0, References: 3
Hacker One
added 2014/07/18 5:21 p.m., 145 views

Mail.ru: e.mail.ru: File upload "Chapito" circus

We start shoving null bytes into the file name on upload, and the server behaves abnormally. So far nothing worse than local path disclosure, but I'm afraid the impact is greater than it seems. The file name in the example is "������t123123", in hex "220000000000007431323331323322" POST...

AI score 7
Exploits: 0
Check Point Advisories
added 2009/09/30 12:0 a.m., 2 views

Adobe RoboHelp Server SQL Injection (CVE-2008-2991)

Adobe RoboHelp Server is a server-based Help solution that provides real-time end-user feedback on Help and knowledge bases. It gathers and logs data about what questions users ask, while searching content and how users navigate through topics. There exists an SQL injection vulnerability in Adobe...

CVSS 4.3, AI score 7.3, EPSS 0.02997
Exploits: 1
Prion
added 2007/09/12 8:17 p.m., 14 views

Command injection

X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly react to an FTP server's behavior after sending a "CWD /" command, which allows remote FTP servers to cause a denial of service (infinite loop) by (1) repeatedly sending a 550 error response, or (2) sending a 550 error response and then...

CVSS 4.3, AI score 7.2, EPSS 0.0065
Exploits: 1, References: 6, Affected Software: 1