
984 matches found

OSV
added 2026/06/15 8:15 p.m., 2 views

GHSA-9H5V-PFQQ-X599 UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`

Summary: A regular expression denial-of-service (ReDoS) vulnerability has been discovered in ua-parser-js when using the Client Hints API. By sending a crafted `Sec-CH-UA-Model` header to an application that calls `UAParser(headers).withClientHints()`, an attacker can cause the parser to spend excessive CPU...

5.3 CVSS, 5.4 AI score
Exploits 0, References 2
Github Security Blog
added 2026/06/15 8:15 p.m., 12 views

UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`

Summary: A regular expression denial-of-service (ReDoS) vulnerability has been discovered in ua-parser-js when using the Client Hints API. By sending a crafted `Sec-CH-UA-Model` header to an application that calls `UAParser(headers).withClientHints()`, an attacker can cause the parser to spend excessive CPU...

5.4 AI score
Exploits 0, References 2, Affected Software 1
Positive Technologies
added 2026/06/15 12:00 a.m., 10 views

PT-2026-49551

Summary: A regular expression denial-of-service (ReDoS) vulnerability has been discovered in ua-parser-js when using the Client Hints API. By sending a crafted `Sec-CH-UA-Model` header to an application that calls `UAParser(headers).withClientHints()`, an attacker can cause the parser to spend excessive CPU...

5.3 CVSS, 5.3 AI score
Exploits 0, References 3
CVE
added 2026/06/09 8:39 a.m., 17 views

CVE-2026-6899

CVE-2026-6899 affects the CycloneCrypto wrapper in the S2OPC library. The check for certificate revocation only reviews the first matching CRL and ignores other valid CRLs for the same CA, potentially allowing a revoked certificate to establish a connection between an OPC UA client and server. No...

5.6 CVSS, 5.5 AI score, 0.00108 EPSS
Exploits 0, References 1
CNNVD
added 2026/06/09 12:00 a.m., 9 views

S2OPC OPC UA Toolkit security vulnerability

S2OPC OPC UA Toolkit is an open-source development toolkit for OPC UA communication, developed by Systerel. The S2OPC OPC UA Toolkit contains a security vulnerability. This vulnerability stems from the CycloneCrypto encryption wrapper, where certificate revocation checks only consider the first...

5.6 CVSS, 5.3 AI score, 0.00108 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/06/05 7:41 p.m., 7 views

CVE-2025-11482

An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service...

8.7 CVSS, 5.4 AI score, 0.00322 EPSS
Exploits 0, References 1
OSV
added 2026/06/05 12:00 a.m., 7 views

OPENSUSE-SU-2026:10964-1 libsofia-sip-ua-glib3-1.13.17+50-1.1 on GA media

These are all security issues fixed in the libsofia-sip-ua-glib3-1.13.17+50-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS, 7.2 AI score, 0.02022 EPSS
Exploits 1, References 1
NVD
added 2026/05/26 2:16 p.m., 10 views

CVE-2025-11482

An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service...

8.7 CVSS, 0.00322 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/05/26 11:43 a.m., 6 views

CVE-2025-11482 Allocation of Resources Without Limits or Throttling in the OPC-UA Server

An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service...

8.7 CVSS, 5.8 AI score, 0.00322 EPSS
Exploits 0, References 1
EUVD
added 2026/05/26 11:43 a.m., 7 views

EUVD-2025-209928

An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service...

8.7 CVSS, 5.8 AI score, 0.00322 EPSS
Exploits 0, References 1
Cvelist
added 2026/05/26 11:43 a.m., 36 views

CVE-2025-11482 Allocation of Resources Without Limits or Throttling in the OPC-UA Server

An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service...

8.7 CVSS, 0.00322 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/05/26 11:43 a.m., 6 views

CVE-2025-11482

An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service...

8.7 CVSS, 5.8 AI score, 0.00322 EPSS
Exploits 0, References 2
ICS
added 2026/05/26 12:30 a.m., 7 views

B&R PPT30 Operating System

SUMMARY B&R is aware of a vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploits this vulnerability could make the OPC-UA server of the product inaccessible. 2. FREQUENTLY ASKED QUESTIONS What causes the vulnerability? - The vulnerability...

8.7 CVSS, 5.7 AI score, 0.00322 EPSS
Exploits 0, References 11
Circl
added 2026/05/21 3:31 p.m., 6 views

CVE-2026-48125

creationtimestamp | type | source
---|---|---
2026-05-21 15:31:36+00:00 | published-proof-of-concept | https://github.com/faisalman/ua-parser-js/security/advisories/GHSA-9h5v-pfqq-x599...

5.8 AI score
Exploits 0, References 1
vulnersOsv
added 2026/05/07 2:59 a.m., 9 views

async-std-resolver (>=0.25.0-alpha.1 <=0.25.0-alpha.5), ezk-sip-ua (>=0.5.0 <=0.7.1) +3 more potentially affected by unknown CVE via hickory-proto (=0.25.0-alpha.5)

hickory-proto CARGO version =0.25.0-alpha.5 is affected by a known vulnerability. The following packages have a transitive dependency on hickory-proto and may be impacted: - async-std-resolver =0.25.0-alpha.1, =0.5.0, =0.25.0-alpha.1, =0.25.0-alpha.5 - hickory-resolver =0.25.0-alpha.1 Source cves...

5.8 AI score
Exploits 0
vulnersOsv
added 2026/05/01 12:00 p.m., 14 views

async-std-resolver (>=0.25.0-alpha.1 <=0.25.0-alpha.5), ezk-sip-ua (>=0.5.0 <=0.7.1) +3 more potentially affected by unknown CVE via hickory-proto (=0.25.0-alpha.5)

hickory-proto CARGO version =0.25.0-alpha.5 is affected by a known vulnerability. The following packages have a transitive dependency on hickory-proto and may be impacted: - async-std-resolver =0.25.0-alpha.1, =0.5.0, =0.25.0-alpha.1, =0.25.0-alpha.5 - hickory-resolver =0.25.0-alpha.1 Source cves...

5.8 AI score
Exploits 0
Tenable Nessus
added 2026/05/01 12:00 a.m., 5 views

Wireshark 2.4.x < 2.4.10 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.4.10. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.4.10 advisory. - In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was...

7.5 CVSS, 5.9 AI score, 0.11499 EPSS
Exploits 0, References 6
Malwarebytes
added 2026/04/16 9:26 a.m., 3 views

A fake Slack download is giving attackers a hidden desktop on your machine

A trojanized Slack download from a typosquatting website is giving attackers something most users wouldn’t even know to look for: a hidden desktop running on their machine. The installer looks legitimate and even launches a working copy of Slack. But in the background, it can create an invisible...

6 AI score
Exploits 0
Tenable Nessus
added 2026/04/10 12:00 a.m., 1 view

Atlassian Jira Service Management Data Center and Server 5.17.2 < 10.3.17 / 10.4.x < 11.3.0 (JSDSERVER-16515)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16515 advisory. - Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are...

7.5 CVSS, 7.3 AI score, 0.01725 EPSS
Exploits 2, References 2
GithubExploit
added 2026/03/28 10:15 a.m., 135 views

Exploit for Inefficient Regular Expression Complexity in Ua-Parser-Js_Project Ua-Parser-Js

No d...

7.5 CVSS, 6.8 AI score, 0.01725 EPSS
Exploits 2