14 matches found
OPENSUSE-SU-2026:20853-1 Security update for hauler
This update for hauler fixes the following issues: Changes in hauler: - update x/net to v0.55.0 bsc1266602, CVE-2026-39821...
Inefficient Algorithmic Complexity
Overview: github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in parse.go, when checking attributes iteratively. An attacker can cause excessive CPU consumption by...
CVE-2026-24853
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non-whitelisted domains from reaching it through port 8080, and shows "Host/IP is not allowed to connect to Caido" on all endpoints. But this is bypassable by injecting an X-Forwarded-Host: 127.0.0.1:8080 header. This...
CVE-2026-24853 Caido has an insufficient patch for DNS rebind leading to RCE
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non-whitelisted domains from reaching it through port 8080, and shows "Host/IP is not allowed to connect to Caido" on all endpoints. But this is bypassable by injecting an X-Forwarded-Host: 127.0.0.1:8080 header. This...
CVE-2026-24853
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non-whitelisted domains from reaching it through port 8080, and shows "Host/IP is not allowed to connect to Caido" on all endpoints. But this is bypassable by injecting an X-Forwarded-Host: 127.0.0.1:8080 header. This...
CVE-2026-24853 Caido has an insufficient patch for DNS rebind leading to RCE
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non-whitelisted domains from reaching it through port 8080, and shows "Host/IP is not allowed to connect to Caido" on all endpoints. But this is bypassable by injecting an X-Forwarded-Host: 127.0.0.1:8080 header. This...
CVE-2026-24853 Caido has an insufficient patch for DNS rebind leading to RCE
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non-whitelisted domains from reaching it through port 8080, and shows "Host/IP is not allowed to connect to Caido" on all endpoints. But this is bypassable by injecting an X-Forwarded-Host: 127.0.0.1:8080 header. This...
PT-2026-8042
Name of the Vulnerable Software and Affected Versions: Caido versions prior to 0.55.0. Description: Caido is a web security auditing toolkit. Before version 0.55.0, the software blocked connections from non-whitelisted domains attempting to reach the 8080 port, displaying a message indicating the...
AZL-68778 CVE-2025-59530 affecting package coredns for versions less than 1.11.4-11
quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authenticatio...
CVE-2023-47620 Scrypted reflected Cross-site Scripting vulnerability
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the 'owner' and 'pkg' parameters. An attacker can run arbitrary JavaScript code...
Scrypted Cross-Site Scripting Vulnerability
Scrypted is a high-performance home video integration platform with intelligent detection by the individual developer Koushik Dutta. A cross-site scripting vulnerability exists in Scrypted 0.55.0 and earlier versions, which stems from the presence of a reflective cross-site scripting vulnerabilit...
Poppler pdfunite Denial of Service Vulnerability
Poppler is a C++ class library for generating PDF; the library is inherited from the Xpdf PDF reader. pdfunite is a Ruby wrapper. Poppler 0.55.0 and previous versions of pdfunite have a security vulnerability. An attacker can exploit this vulnerability to cause a denial of service...
Design/Logic Flaw
poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting in potential denial-of-service...
CVE-2017-7515
poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting in potential denial-of-service...