CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1097 matches found

Nuclei•added 2026/06/16 7:13 a.m.•58 views

Openfire Administration Console - Authentication Bypass

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...

8.6CVSS8AI score0.99998EPSS

Exploits15References5

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux – Vulnerability in Twisted

In words.protocols.jabber.xmlstream in Twisted through version 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to intercept connections...

7.4CVSS7AI score0.01817EPSS

Exploits0References2

Tenable Nessus•added 2026/05/01 12:0 a.m.•6 views

Wireshark 2.2.x < 2.2.12 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.2.12. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.2.12 advisory. - In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could...

7.5CVSS6.9AI score0.03116EPSS

Exploits0References13

FreeBSD•added 2026/04/20 12:0 a.m.•5 views

ejabberd -- Potential DDoS in XML Parser

ejabberd team reports: This release adds new options that limit max memory used by XML parser used to process XMPP payloads, to prevent potential Denial of Service attack. The default values for pre-auth provide sufficient protection for ejabberd against non-authenticated users on c2s and s2s, so...

5.8AI score

Exploits0References1

RedhatCVE•added 2026/01/09 12:41 p.m.•9 views

CVE-2023-25356

CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leverage...

8.8CVSS7.2AI score0.02145EPSS

Exploits3References1

RedhatCVE•added 2026/01/09 9:33 a.m.•6 views

CVE-2024-39094

Friendica 2024.03 is vulnerable to Cross Site Scripting XSS in settings/profile via the homepage, xmpp, and matrix parameters...

5.4CVSS6.1AI score0.00323EPSS

Exploits1References1