CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

29 matches found

Tenable Nessus•added 2026/02/10 12:0 a.m.•3 views

RHEL 8 : php:7.4 (RHSA-2026:2470)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2470 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap...

9.8CVSS6.2AI score0.01153EPSS

Exploits10References29

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2003-1154

Malware in sbrugna...

4.3CVSS6.4AI score0.03594EPSS

Exploits1References5

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2015-0214

Malware in sbrugna...

4.3CVSS4.8AI score0.00293EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-17832

Malware in sbrugna...

6.1CVSS6.3AI score0.0024EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-0146

Malware in sbrugna...

6.1CVSS6.8AI score0.01819EPSS

Exploits1References21

SUSE Linux•added 2024/12/03 9:8 a.m.•2 views

Security update for php7

This update for php7 fixes the following issues: CVE-2024-11233: Single byte overread with convert.quoted-printable-decode filter bsc1233702. CVE-2024-11234: Configuring a proxy in a stream context might allow for CRLF injection in URIs bsc1233703. CVE-2024-8929: Leak partial content of the heap...

8.3CVSS6.8AI score0.01153EPSS

Exploits3References12

SUSE Linux•added 2024/12/02 12:26 p.m.•0 views

Security update for php8

This update for php8 fixes the following issues: CVE-2024-11233: Single byte overread with convert.quoted-printable-decode filter bsc1233702. CVE-2024-11234: Configuring a proxy in a stream context might allow for CRLF injection in URIs bsc1233703. CVE-2024-8929: Leak partial content of the heap...

8.8CVSS6.8AI score0.01153EPSS

Exploits4References16

SUSE CVE•added 2023/02/15 6:4 a.m.•1 views

SUSE CVE-2009-0796

Cross-site scripting XSS vulnerability in Status.pm in Apache::Status and Apache2::Status in modperl1 and modperl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI...

2.6CVSS6.1AI score0.59964EPSS

Exploits3References3

SUSE CVE•added 2023/02/15 5:37 a.m.•3 views

SUSE CVE-2013-3565

Multiple cross-site scripting XSS vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the 1 command parameter to requests/vlmcmd.xml, 2 dir parameter to requests/browse.xml, or 3 URI in a request, which ...

6.1CVSS6.1AI score0.00282EPSS

Exploits1References3

Cvelist•added 2021/11/11 9:45 p.m.•16 views

CVE-2021-3907 Arbitrary filepath traversal via URI injection

OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa, which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine...

7.4CVSS9.9AI score0.01889EPSS

Exploits0References4

Github Security Blog•added 2021/11/10 8:8 p.m.•32 views

Arbitrary filepath traversal via URI injection

9.8CVSS9.4AI score0.01889EPSS

Exploits0References9Affected Software1

OSV•added 2021/11/10 8:8 p.m.•16 views

GHSA-CQH2-VC2F-Q4FH Arbitrary filepath traversal via URI injection

7.4CVSS9.7AI score0.01889EPSS

Exploits0References9

NVD•added 2021/03/24 1:15 p.m.•9 views

CVE-2021-29029

A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/editpersonalpage.php URI...

4.8CVSS0.00179EPSS

Exploits1References1

Prion•added 2021/03/24 1:15 p.m.•11 views

Cross site scripting

A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/myimages.php URI...

3.5CVSS4.9AI score0.00179EPSS

Exploits1References1Affected Software1

Exploit DB•added 2019/08/30 12:0 a.m.•218 views

Canon PRINT 2.5.5 - Information Disclosure

Exploit Title: Content Provider URI Injection on Canon PRINT 2.5.5 CVE-2019-14339 Date: 24th July, 2019 Exploit Author: 0x48piraj Vendor Homepage: https://www.usa.canon.com/internet/portal/us/home/explore/printing-innovations/mobile-printing/canon-print-app Software Link:...

5.5CVSS5.8AI score0.04518EPSS

Exploits6

Packet Storm•added 2019/08/30 12:0 a.m.•245 views

Canon PRINT 2.5.5 URI Injection

5.5AI score0.04518EPSS

Exploits6

GithubExploit•added 2019/07/25 9:30 a.m.•110 views

Exploit for CVE-2019-14339

CVE-2019-14339 Content Provider URI Injection on Canon PRINT...

5.5CVSS6AI score0.04518EPSS

Exploits6

AlpineLinux•added 2019/06/10 11:34 a.m.•49 views

CVE-2019-12387

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...

6.1CVSS6.5AI score0.01819EPSS

Exploits1

Hacker One•added 2019/04/02 6:42 p.m.•64 views

Mail.ru: SSRF

SSRF via URI injection in hou.my.com...

4.1AI score

Exploits0

OSV•added 2019/02/15 7:29 a.m.•1 views

UBUNTU-CVE-2019-8341

An issue was discovered in Jinja2 2.10. The fromstring function is prone to Server Side Template Injection SSTI where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and...

9.8CVSS7.2AI score0.25411EPSS

Exploits5References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by