CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

111 matches found

Tenable Nessus•added 2026/05/16 12:0 a.m.•9 views

Fedora 42 : python-jupytext (2026-793b55138d)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-793b55138d advisory. This update contains upgrades to various npm packages used during the build to address CVEs, namely: - CVE-2025-69873 ajv - CVE-2026-0540 DOMPurify ...

9.8CVSS6.5AI score0.00053EPSS

Exploits2References7

CNNVD•added 2026/05/05 12:0 a.m.•4 views

fast-uri 安全漏洞

fast-uri is an open-source, dependency-free RFC 3986 URI parser and toolkit developed by Fastify. Versions of fast-uri 3.1.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the normalize function decoding percent-encoded permission separators within the host...

7.5CVSS5.8AI score0.00012EPSS

Exploits0References1

vulnersOsv•added 2026/05/04 9:28 p.m.•3 views

@activepieces/piece-ai (>=0.3.1 <=0.3.4), @evertondgn/polyhive-cli (=0.1.62) +5 more potentially affected by CVE-2026-6321 via fast-uri (>=3.0.1 <=3.1.0)

fast-uri NPM version =3.0.1, =0.3.1, =5.4.3, =1.0.0, =1.0.0, =2.2.0, =2.3.1 Source cves: CVE-2026-6321 Source advisory: SNYK:JS-FASTURI-16642399...

7.5CVSS5.8AI score0.00053EPSS

Exploits0

OSV•added 2026/05/04 8:16 p.m.•2 views

DEBIAN-CVE-2026-6321

fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize and equal functions. Encoded path data was treated like real slashes and parent-directory references, so distinct URIs could collapse onto the same normalized path. Applications...

7.5CVSS5.8AI score0.00053EPSS

Exploits0References1

Snyk•added 2026/04/16 9:38 p.m.•2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...

7.7CVSS5.8AI score0.00027EPSS

Exploits0References2

Github Security Blog•added 2026/04/03 9:43 p.m.•5 views

Signal K Server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow

Summary SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where the unvalidated HTTP Host header is used to construct the OAuth2 redirecturi. Because the redirectUri configuration is silently unset by default, an attacker spoof the Host header to steal OAuth...

6.1CVSS6AI score0.00023EPSS

Exploits1References4Affected Software1

Github Security Blog•added 2026/03/19 7:37 p.m.•3 views

The Query Monitor plugin for WordPress has Reflected Cross-Site Scripting via Request URI

Impact The Query Monitor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'REQUESTURI' parameter in all versions up to, and including, 3.20.3 due to insufficient output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.2CVSS5.9AI score0.00043EPSS

Exploits0References2Affected Software1

Tenable Nessus•added 2026/02/03 12:0 a.m.•2 views

RHEL 9 : openssh (RHSA-2026:1815)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1815 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...

3.6CVSS6.2AI score0.00061EPSS

Exploits2References7

Tenable Nessus•added 2026/02/02 12:0 a.m.•2 views

RHEL 10 : openssh (RHSA-2026:1678)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1678 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...

3.6CVSS6.2AI score0.00061EPSS

Exploits2References7

RedHat Linux•added 2026/01/22 9:20 a.m.•7 views

Moderate: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

3.6CVSS6.7AI score0.00061EPSS

Exploits2References3

Tenable Nessus•added 2026/01/14 12:0 a.m.•3 views

MiracleLinux 4 : libsoup-2.28.2-1.AXS4.1 (AXSA:2011-706:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-706:01 advisory. Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and...

5CVSS7.5AI score0.00853EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 11:29 a.m.•5 views

CVE-2021-27530

A cross-site scripting XSS vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php...

4.8CVSS5.8AI score0.00179EPSS

Exploits1References1

OSV•added 2025/11/28 7:46 a.m.•2 views

SUSE-SU-2025:21161-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2025-61984: code execution via control characters in usernames when a ProxyCommand is used bsc1251198. - CVE-2025-61985: code execution via '\0' character in ssh:// URI when a ProxyCommand is used bsc1251199...

3.6CVSS6.3AI score0.00061EPSS

Exploits2References5