26 matches found
CVE-2025-66459
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, an XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains an HTML element, and the capture fails. Then, t...
CVE-2019-18370
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh...
SUSE CVE-2013-3708
The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 allows remote attackers to cause a denial of service via unspecified vectors...
RHSA-2025:0300
creationtimestamp | type | source
---|---|---
2024-11-16 15:59:00+00:00 | seen | https://bugzilla.redhat.com/showbug.cgi?id=2328846
2025-01-14 08:38:10+00:00 | seen | https://infosec.exchange/users/cve/statuses/113825801178667187
2025-01-14 08:38:10+00:00 | seen | ...
Improper Validation of Unsafe Equivalence in Input
Overview: AngularJS.Core is an AngularJS package for other Angular modules within .NET. Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the srcset attribute, which allows bypassing the imgSrcSanitizationTrustedUrlList allowlist. An attacke...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Owncloud Graph_Api
CVE-2023-49103 PoC for the CVE-2023-49103 Overview This Py...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2022-26134 - conFLU PoC for exploiting CVE-2022-26134 on...
Secretx - Extracting API Keys And Secrets By Requesting Each URL At The Your List
Extracting API keys and secrets by requesting each URL in your list. Installation: python3 -m pip install -r requirements.txt Usage: python3 secretx.py --list urlList.txt --threads 15 Optional arguments: --help --colorless Credits: Thanks to @m4ll0k for patterns and @choudhary1337 inspiring for...
CORStest - A Simple CORS Misconfiguration Scanner
A simple CORS misconfiguration scanner. Based on the research of James Kettle. CORStest is a quick & dirty Python 2 tool to find Cross-Origin Resource Sharing (CORS) misconfigurations. It takes a text file as input which may contain a list of domain names or URLs. Currently, the following potential...
Command injection
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh...
MySQL -- multiple vulnerabilities
Oracle reports: Please reference CVE/URL list for details...
rt and dependent modules -- multiple security vulnerabilities
BestPractical reports: Please reference CVE/URL list for details...
GitLab -- Various security issues
GitLab reports: Please reference CVE/URL list for details...
chromium -- multiple vulnerabilities
Google Chrome releases reports: 30 security fixes in this release. Please reference CVE/URL list for details...
UBUNTU-CVE-2016-8863
Heap-based buffer overflow in the createurllist function in gena/genadevice.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an...
phpMyAdmin -- multiple vulnerabilities
Please reference CVE/URL list for details...
squid -- multiple vulnerabilities
The squid development team reports: Please reference CVE/URL list for details...
Cloud Metadata URL List
Landed the SSRF Cloud Metadata technique in a few different scenarios recently. If you haven't seen the talk BHUSA 2014 - Bringing a Machete to the Amazon I recommend it. To make life a little easier created a living URL list for Metadata broken down by cloud. There are a few more than he discuss...
Cisco ASA <= 8.x VPN SSL module Clientless URL-list control bypass
No description provided by source...
django -- multiple vulnerabilities
The Django project reports: Please reference CVE/URL list for details...