GHSA-G9MF-H72J-4RW9 Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion
Impact The fetch API supports chained HTTP encoding algorithms for response content according to RFC 9110 e.g., Content-Encoding: gzip, br. This is also supported by the undici decompress interceptor. However, the number of links in the decompression chain is unbounded and the default maxHeaderSi...
EUVD-2026-2422
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands of compression steps, leading to high CPU usage and excessive memory allocation. This...
PT-2026-2977
It was discovered that Python's http.client did not properly handle the Content-Length header in HTTP responses. A malicious server could exploit this to cause Python to allocate excessive memory, leading to a denial of service...
CVE-2026-22026 CryptoLib Unbounded Memory Allocation in KMC HTTP Response Handler Allows Resource Exhaustion
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the libcurl writecallback function in the KMC...
PT-2026-2134
Name of the Vulnerable Software and Affected Versions: CryptoLib versions prior to 1.4.3. Description: CryptoLib is a software solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) for secure communication between a spacecraft and a ground station. The write...
CVE-2025-61549
Cross-Site Scripting (XSS) is present on the LoginID parameter on the /PSP/app/web/reg/regdisplay.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34, fixed in 19.76. Unsanitized user input is reflected in HTTP responses without proper HTML encoding or escaping. This allows...
Unity Linux 20.1070e Security Update: python3 (UTSA-2025-993318)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993318 advisory. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to...
CVE-2025-52622
The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting (XSS), Clickjacking, an...
CVE-2025-52622
Technical details about CVE-2025-52622 are not publicly provided in the supplied documents. Monitor for updates from Red Hat, NVD, and CVE records to obtain affected products, fixed versions, and remediation guidance.
PT-2025-48738
The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting (XSS), Clickjacking, an...
Custom HTTP Header Detected
This is an informational notice that the scanner was able to detect custom HTTP headers in the target application's responses. No source data...
CVE-2025-2934 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTT...
EUVD-2021-14503
Malware in sbrugna...
CVE-2025-42933 Insecure Storage of Sensitive Information in SAP Business One (SLD)
When a user logs in via the SAP Business One native client, the SLD backend service fails to enforce proper encryption of certain APIs. This leads to exposure of sensitive credentials within the HTTP response body. As a result, it has a high impact on the confidentiality, integrity, and availability of t...
CVE-2025-42933
CVE-2025-42933 affects SAP Business One through the SLD backend service, where a flaw in enforcing encryption of certain APIs exposes sensitive credentials in HTTP response bodies. The issue impacts confidentiality, integrity, and availability. CVSS 3.1 base score 8.8 (Network, Low attack complex...
PT-2025-36753
Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.9 Ivanti Connect Secure versions prior to 22.8R2 Ivanti Policy Secure versions prior to 22.7R1.6 Ivanti ZTA Gateway versions prior to 2.8R2.3-723 Ivanti Neurons for Secure Access versions prior t...
Linux Distros Unpatched Vulnerability : CVE-2025-5996
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input...
CVE-2011-10022
SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer overflow when processing HTTP responses containing an overly long Content-Type header. The vulnerability occurs due to improper bounds checking on the header value, allowing an attacker to overwrite the Structured Exception...