
234 matches found

OSV
added 2025/03/10 8:35 a.m., 5 views

SUSE-SU-2025:0814-1 Security update for python

This update for python fixes the following issues: - Reference to no longer used 'bracketed_host' variable in the fix for CVE-2025-0938 bsc1236705, bsc1223694...

CVSS 6.3, AI score 7.7, EPSS 0.01639
Exploits: 0, References: 4
NVD
added 2025/02/18 6:15 p.m., 8 views

CVE-2024-49589

Foundry Artifacts was found to be vulnerable to a Denial Of Service attack due to disk being potentially filled up based on a user-supplied argument size...

CVSS 6.5, EPSS 0.00106
Exploits: 0, References: 1
CVE
added 2025/02/18 5:18 p.m., 46 views

CVE-2024-49589

Foundry Artifacts is affected by a Denial of Service via disk exhaustion caused by a user-supplied size argument. The PT-2025-6701 entry notes the affected versions are not specified and provides no fix information; no exploit details are described in the provided documents. Monitor for updates.

CVSS 6.5, AI score 6.4, EPSS 0.00106
Exploits: 0, References: 1
Vulnrichment
added 2025/02/18 5:18 p.m., 16 views

CVE-2024-49589 Foundry artifacts denial of service

Foundry Artifacts was found to be vulnerable to a Denial Of Service attack due to disk being potentially filled up based on a user-supplied argument size...

CVSS 6.5, AI score 6.4, EPSS 0.00106
Exploits: 0, References: 1
RedhatCVE
added 2025/02/16 12:23 a.m., 4 views

CVE-2025-26788

StrongKey FIDO Server before 4.15.1 treats a non-discoverable namedcredential flow as a discoverable transaction...

CVSS 8.4, AI score 6.9, EPSS 0.00028
Exploits: 0, References: 1
Vulnrichment
added 2024/12/02 8:26 p.m., 9 views

CVE-2024-49581 Access control issue impacting RV backed objects

Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug. This could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise make data available...

CVSS 6.5, AI score 6.6, EPSS 0.00071
Exploits: 0, References: 1
CVE
added 2024/12/02 8:26 p.m., 52 views

CVE-2024-49581

CVE-2024-49581 affects Palantir Foundry (Apollo-managed Foundry instances). A software bug in Restricted Views backed objects (OSV1) could be bypassed under specific circumstances, allowing users without permission to view such objects via the Object Explorer. The issue did not enable cross-organ...

CVSS 6.5, AI score 6.6, EPSS 0.00071
Exploits: 0, References: 1
OSV
added 2024/11/15 12:3 a.m., 3 views

OSV-2024-1310 Use-of-uninitialized-value in decompress_yuv.cc

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=378750938 Crash type: Use-of-uninitialized-value Crash state: decompress_yuv.cc...

AI score 7.2
Exploits: 0, References: 1
Apache Tomcat
added 2024/11/09 12:0 a.m., 36 views

Fixed in Apache Tomcat 9.0.97

Important: XSS in generated JSPs CVE-2024-52318 The fix for improvement 69333 caused pooled JSP tags not to be released after use which in turn could cause output of some tags not to be escaped as expected. This unescaped output could lead to XSS. This was fixed with commit 9813c5dd. This issue was...

CVSS 6.1, AI score 7, EPSS 0.15467
Exploits: 1, Affected Software: 1
OSV
added 2024/10/30 12:15 p.m., 15 views

CVE-2024-10525

In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 4
OSV
added 2024/10/29 2:36 p.m., 9 views

CVE-2024-50334 Semicolon Path Injection on API /api;/config

Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data. Furthermore, PUT...

CVSS 8.7, AI score 7.2, EPSS 0.10106
Exploits: 0, References: 3
OSV
added 2024/10/01 8:23 p.m., 7 views

CVE-2024-47527 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device-dependencies.inc.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hostname") parameter. This vulnerability can lead to t...

CVSS 7.5, AI score 5.4, EPSS 0.0038
Exploits: 1, References: 4
OSV
added 2024/09/18 4:10 a.m., 29 views

RHSA-2019:3335 Red Hat Security Advisory: python27:2.7 security and bug fix update

Bulletin has no description...

CVSS 8.8, AI score 7.5, EPSS 0.71492
Exploits: 6, References: 34
OSV
added 2024/09/16 5:2 p.m., 20 views

RHSA-2024:0242 Red Hat Security Advisory: java-17-openjdk security and bug fix update

Bulletin has no description...

CVSS 7.5, AI score 6.7, EPSS 0.00319
Exploits: 0, References: 28
OSV
added 2024/09/15 10:2 p.m., 18 views

RHSA-2014:1785 Red Hat Security Advisory: openstack-neutron security, bug fix, and enhancement update

Bulletin has no description...

CVSS 4, AI score 6.1, EPSS 0.00573
Exploits: 0, References: 13
OSV
added 2024/09/15 8:17 p.m., 11 views

RHSA-2013:0528 Red Hat Security Advisory: ipa security, bug fix and enhancement update

Bulletin has no description...

CVSS 4.3, AI score 8.5, EPSS 0.00176
Exploits: 0, References: 158
OSV
added 2024/09/13 3:9 p.m., 14 views

RHSA-2018:3837 Red Hat Security Advisory: ansible security and bug fix update

Bulletin has no description...

CVSS 5.3, AI score 5.6, EPSS 0.01236
Exploits: 0, References: 8
OSV
added 2024/09/13 1:39 p.m., 22 views

RHSA-2017:3466 Red Hat Security Advisory: qemu-kvm-rhev security and bug fix update

Bulletin has no description...

CVSS 5.5, AI score 6.4, EPSS 0.05117
Exploits: 0, References: 24
OSV
added 2024/09/13 10:11 a.m., 11 views

RHSA-2015:0921 Red Hat Security Advisory: chromium-browser security and bug fix update

Bulletin has no description...

CVSS 7.5, AI score 9.3, EPSS 0.01563
Exploits: 0, References: 13
OSV
added 2024/09/13 9:46 a.m., 22 views

RHBA-2020:5307 Red Hat Bug Fix Advisory: openvswitch2.11 bug fix and enhancement update

Bulletin has no description...

CVSS 9.8, AI score 9.4, EPSS 0.05555
Exploits: 0, References: 10