45 matches found

Github Security Blog
added 2026/05/15 4:21 p.m. · 6 views

SimpleSAMLphp casserver: Open Redirect in logout

Summary The logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the browser there, or shows a "you've been logged out" page with a link to continue to that url. There are a number of other things broke...

6.1 CVSS · 5.8 AI score · 0.00009 EPSS
Exploits 1 · References 6 · Affected Software 1
Positive Technologies
added 2026/05/12 12:00 a.m. · 10 views

PT-2026-39940

An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker...

6.7 CVSS · 5.8 AI score · 0.00014 EPSS
Exploits 0 · References 2
AstraLinux
added 2026/05/03 11:59 p.m. · 4 views

Astra Linux - vulnerability in libsoup2.4

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...

5.3 CVSS · 5.8 AI score · 0.00036 EPSS
Exploits 0 · References 2
OSV
added 2026/02/13 12:16 p.m. · 4 views

AZL-77889 CVE-2026-2443 affecting package libsoup 3.4.4-12

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...

5.3 CVSS · 5.8 AI score · 0.00036 EPSS
Exploits 0 · References 1
NVD
added 2026/02/13 12:16 p.m. · 2 views

CVE-2026-2443

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...

5.3 CVSS · 0.00036 EPSS
Exploits 0 · References 3
OSV
added 2026/02/13 12:16 p.m. · 2 views

AZL-77894 CVE-2026-2443 affecting package libsoup 3.0.4-12

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...

5.3 CVSS · 7.2 AI score · 0.00036 EPSS
Exploits 0 · References 1
OSV
added 2026/02/13 12:16 p.m. · 1 view

UBUNTU-CVE-2026-2443

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...

5.3 CVSS · 7.1 AI score · 0.00036 EPSS
Exploits 0 · References 4
Vulnrichment
added 2026/02/13 11:58 a.m. · 5 views

CVE-2026-2443 Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosure

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...

5.3 CVSS · 5.6 AI score · 0.00036 EPSS
Exploits 0 · References 3
RedhatCVE
added 2026/02/13 11:58 a.m. · 4 views

CVE-2026-2443

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...

5.3 CVSS · 5.2 AI score · 0.00036 EPSS
Exploits 0 · References 4
Positive Technologies
added 2026/02/13 12:00 a.m. · 2 views

PT-2026-7987

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...

5.3 CVSS · 5.6 AI score · 0.00036 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/05/23 4:08 a.m. · 7 views

CVE-2023-38543

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service DoS condition on the user machine...

8.8 CVSS · 6.6 AI score · 0.00498 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/12/12 12:38 p.m. · 6 views

CVE-2024-47947 Stored cross site scripting

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function...

6.7 AI score · 0.00213 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/11/20 8:36 a.m. · 8 views

CVE-2024-10127 Support for authentication bypass condition in M-Files LDAP authentication

Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration...

9.2 CVSS · 7.3 AI score · 0.00095 EPSS
Exploits 0 · References 2
Cvelist
added 2024/11/20 8:36 a.m. · 12 views

CVE-2024-10127 Support for authentication bypass condition in M-Files LDAP authentication

Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration...

9.2 CVSS · 0.00095 EPSS
Exploits 0 · References 2
GithubExploit
added 2024/09/16 1:11 p.m. · 748 views

Exploit for CVE-2024-32651

CVE-2024-32651 changedetection --port --ip --notification...

10 CVSS · 9.6 AI score · 0.92087 EPSS
Exploits 5
Packet Storm
added 2024/04/24 12:00 a.m. · 752 views

Nginx 1.25.5 Host Header Validation

Nginx = 1.25.5 $host variable validation bug. Intro: In the "Host" header sent to the Nginx web server you can't just insert a dot or something like that, because a filtering rule exists there. The ngx_http_validate_host function is responsible for filtering...

7.4 AI score
Exploits 0
Positive Technologies
added 2024/04/11 12:00 a.m. · 3 views

PT-2024-22903 · Unknown · Ros2 Humble Hawksbill

Name of the Vulnerable Software and Affected Versions: ROS2 Humble Hawksbill version 2 Description: An issue was discovered in the default configurations of ROS2 Humble Hawksbill, allowing unauthenticated attackers to gain access using default credentials. Recommendations: For ROS2 Humble Hawksbi...

7.6 AI score
Exploits 0 · References 2
Vulnrichment
added 2024/04/10 1:04 a.m. · 18 views

CVE-2023-6236 Eap: oidc app attempting to access the second tenant, the user should be prompted to log

A flaw was found in Red Hat Enterprise Application Platform 8. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in...

7.3 CVSS · 6.9 AI score · 0.00061 EPSS
Exploits 0 · References 5
Cvelist
added 2023/11/14 11:18 p.m. · 15 views

CVE-2023-35080

A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information...

8.8 CVSS · 7.8 AI score · 0.01131 EPSS
Exploits 1 · References 1
Vulnrichment
added 2023/11/14 11:18 p.m. · 13 views

CVE-2023-38043

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service DoS condition on the user machine and, in some cases, resulting in a full...

8.8 CVSS · 7.3 AI score · 0.00542 EPSS
Exploits 0 · References 2