
522 matches found

NVD
added 2024/10/29 10:15 p.m. | 11 views

CVE-2024-44080

In Jitsi Meet before 2.0.9779, the functionality to share an image using giphy was implemented in an insecure way, resulting in clients loading GIFs from any arbitrary URL if a message from another participant contains a URL encoded in the expected format...

CVSS 7.5 | EPSS 0.0052
Exploits: 0 | References: 2

NVD
added 2024/10/17 7:15 p.m. | 21 views

CVE-2024-10100

A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...

CVSS 7.5 | EPSS 0.00612
Exploits: 1 | References: 1

Vulnrichment
added 2024/10/17 6:12 p.m. | 13 views

CVE-2024-10100 Path Traversal in binary-husky/gpt_academic

A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...

CVSS 6.5 | AI score 6.7 | EPSS 0.00612
Exploits: 1 | References: 1

NVD
added 2024/10/16 8:15 a.m. | 12 views

CVE-2021-4452

The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary we...

CVSS 7.1 | EPSS 0.00471
Exploits: 0 | References: 4

CVE
added 2024/10/16 7:31 a.m. | 68 views

CVE-2021-4452

CVE-2021-4452 affects the Google Language Translator plugin for WordPress (versions up to 6.0.9). The vulnerability is a Reflected Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping in multiple parameters, enabling authenticated attackers to inject scripts in ...

CVSS 7.1 | AI score 5.6 | EPSS 0.00471
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2024/10/16 7:31 a.m. | 37 views

CVE-2021-4452 Google Language Translator <= 6.0.9 - Reflected Cross-Site Scripting

The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary we...

CVSS 7.1 | EPSS 0.00471
Exploits: 0 | References: 4

Microsoft CVE
added 2024/10/15 12:0 a.m. | 6 views

CVE-2024-45590

...

CVSS 7.5 | AI score 7.5 | EPSS 0.00824
Exploits: 1

OSV
added 2024/10/13 7:12 p.m. | 7 views

BIT-MLFLOW-2024-3099

A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the intended model, as it will open a different model each time...

CVSS 5.4 | AI score 5.1 | EPSS 0.00442
Exploits: 1 | References: 1

Veracode
added 2024/09/11 7:31 a.m. | 9 views

Denial Of Service (DoS)

body-parser is vulnerable to Denial Of Service (DoS). The vulnerability is due to inadequate handling of url encoding in body-parser, which allows an attacker to flood the server with excessive requests, potentially disrupting the server’s availability...

CVSS 7.5 | AI score 7.3 | EPSS 0.00824
Exploits: 1 | References: 3 | Affected Software: 2

OSV
added 2024/09/10 4:15 p.m. | 2 views

AZL-49097 CVE-2024-45590 affecting package js-jquery 3.5.0-4

body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in...

CVSS 7.5 | AI score 7 | EPSS 0.00824
Exploits: 1 | References: 1

OSV
added 2024/09/10 4:15 p.m. | 4 views

AZL-49126 CVE-2024-45590 affecting package reaper for versions less than 3.1.1-13

body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in...

CVSS 7.5 | AI score 7 | EPSS 0.00824
Exploits: 1 | References: 1

OSV
added 2024/09/10 4:15 p.m. | 5 views

DEBIAN-CVE-2024-45590

body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in...

CVSS 7.5 | AI score 8.1 | EPSS 0.00824
Exploits: 1 | References: 1

Cvelist
added 2024/09/10 3:54 p.m. | 31 views

CVE-2024-45590 body-parser vulnerable to denial of service when url encoding is enabled

body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in...

CVSS 7.5 | EPSS 0.00824
Exploits: 1 | References: 2

Vulnrichment
added 2024/09/10 3:54 p.m. | 70 views

CVE-2024-45590 body-parser vulnerable to denial of service when url encoding is enabled

body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in...

CVSS 7.5 | AI score 7.2 | EPSS 0.00824
Exploits: 1 | References: 2

OSV
added 2024/09/10 3:52 p.m. | 2 views

GHSA-QWCR-R2FM-QRC7 body-parser vulnerable to denial of service when url encoding is enabled

Impact: body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. Patches: this issue is patched in 1.20.3. References...

CVSS 8.7 | AI score 6.9 | EPSS 0.00824
Exploits: 1 | References: 4

Github Security Blog
added 2024/09/10 3:52 p.m. | 203 views

body-parser vulnerable to denial of service when url encoding is enabled

Impact: body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. Patches: this issue is patched in 1.20.3. References...

CVSS 7.5 | AI score 6.5 | EPSS 0.00824
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2024/09/09 9:31 p.m. | 17 views

GHSA-G4GC-RH26-M3P5 Keycloak Open Redirect vulnerability

An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referreruri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it...

CVSS 4.8 | AI score 6.2 | EPSS 0.00546
Exploits: 0 | References: 6

Github Security Blog
added 2024/09/09 9:31 p.m. | 81 views

Keycloak Open Redirect vulnerability

An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referreruri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it...

CVSS 6.1 | AI score 7 | EPSS 0.00546
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2024/09/09 7:15 p.m. | 40 views

CVE-2024-7260

An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referreruri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it...

CVSS 6.1 | AI score 6.6 | EPSS 0.00546
Exploits: 0 | References: 4

NVD
added 2024/09/09 7:15 p.m. | 52 views

CVE-2024-7260

An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referreruri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it...

CVSS 6.1 | EPSS 0.00546
Exploits: 0 | References: 4