CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

33 matches found

OSV•added 2026/05/05 11:16 a.m.•2 views

UBUNTU-CVE-2026-6322

fast-uri normalize decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator...

7.5CVSS5.8AI score0.00011EPSS

Exploits0References4

Github Security Blog•added 2025/12/30 9:7 p.m.•8 views

URI Credential Leakage Bypass over CVE-2025-27221

Impact In affected URI version, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials. When using the + operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential...

7.5CVSS6.6AI score0.00156EPSS

Exploits0References11Affected Software1

RubySec•added 2025/10/07 12:0 a.m.•6 views

CVE-2025-61594 - URI Credential Leakage Bypass over CVE-2025-27221

In affected URI version, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials. This vulnerability has been assigned the CVE identifier CVE-2025-61594. We recommend upgrading the uri gem. Details When using the + operator to combine URIs, sensitive information like...

7.5CVSS7.1AI score0.00156EPSS

Exploits0References1Affected Software1

OSV•added 2025/06/27 1:16 p.m.•1 views

OESA-2025-1701 libxml2 security update

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

7.5CVSS7AI score0.02116EPSS

Exploits1References2

RedhatCVE•added 2025/05/23 3:37 a.m.•7 views

CVE-2023-28628

lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in questio...

6.5CVSS6.5AI score0.00227EPSS

Exploits1References1

Fedora•added 2025/03/15 12:55 a.m.•12 views

[SECURITY] Fedora 42 Update: libxml2-2.12.10-1.fc42

9.8CVSS7.1AI score0.00235EPSS

Exploits0

NVD•added 2023/03/27 9:15 p.m.•15 views

CVE-2023-28628

6.1CVSS5.9AI score0.00227EPSS

Exploits1References2

UbuntuCve•added 2023/03/27 9:15 p.m.•25 views

CVE-2023-28628

6.1CVSS6.3AI score0.00227EPSS

Exploits1References4

Prion•added 2023/03/27 9:15 p.m.•13 views

Design/Logic Flaw

5.8CVSS6AI score0.00227EPSS

Exploits1References2Affected Software1

OSV•added 2023/03/27 8:20 p.m.•18 views

CVE-2023-28628 `authority-regex` returns the wrong authority in lambdaisland/uri

5.4CVSS6.4AI score0.00227EPSS

Exploits1References4

Fedora•added 2022/10/25 1:13 p.m.•42 views

[SECURITY] Fedora 36 Update: libxml2-2.10.3-1.fc36

7.8CVSS0.5AI score0.0023EPSS

Exploits2

Fedora•added 2022/05/18 1:25 a.m.•41 views

[SECURITY] Fedora 34 Update: libxml2-2.9.14-1.fc34

6.5CVSS0.5AI score0.00074EPSS

Exploits5

Fedora•added 2020/09/25 5:47 p.m.•24 views

[SECURITY] Fedora 31 Update: libxml2-2.9.10-4.fc31

6.5CVSS0.5AI score0.00697EPSS

Exploits1

Fedora•added 2020/09/16 2:44 p.m.•48 views

[SECURITY] Fedora 32 Update: libxml2-2.9.10-7.fc32

7.5CVSS0.5AI score0.00697EPSS

Exploits1

CNVD•added 2018/06/15 12:0 a.m.•2 views

uri-js denial of service vulnerability

uri-js is a JavaScript library for parsing and validating URLs. A security vulnerability exists in the regular expressions used in uri-js 2.1.1 and earlier versions. An attacker can exploit the vulnerability to cause the program to hang and cause CPU usage to reach 100%...

6.8CVSS6.2AI score0.00217EPSS

Exploits1References1

Fedora•added 2018/02/14 5:11 p.m.•46 views

[SECURITY] Fedora 26 Update: libxml2-2.9.7-1.fc26

10CVSS0.5AI score0.15391EPSS

Exploits4

Fedora•added 2017/04/19 7:53 a.m.•49 views

[SECURITY] Fedora 24 Update: libxml2-2.9.4-2.fc24

10CVSS0.5AI score0.15391EPSS

Exploits11

OSV•added 2016/05/31 12:0 a.m.•1 views

UBUNTU-CVE-2016-1677

uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."...

6.5CVSS7AI score0.12632EPSS

Exploits0References4

Fedora•added 2015/11/30 11:26 p.m.•37 views

[SECURITY] Fedora 22 Update: libxml2-2.9.3-1.fc22

7.1CVSS0.5AI score0.02045EPSS

Exploits3

Fedora•added 2015/04/11 9:7 a.m.•41 views

[SECURITY] Fedora 20 Update: libxml2-2.9.1-4.fc20

5CVSS0.5AI score0.03894EPSS

Exploits2

Rows per page