Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoder#decodeHuff
Sentry-Javascript is an official Sentry SDKs for JavaScript. From version 10.11.0 to before 10.27.0, when a Node.js application using the Sentry SDK has sendDefaultPii: true it is possible to inadvert
CVE-2024-48206
CRITICAL CVSS 9.8
Find Similar
A Deserialization of Untrusted Data vulnerability in chainer v7.8.1.post1 leads to execution of arbitrary code.
In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted mes
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20230922. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /log/dec
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLS
CVE-2024-53441
CRITICAL CVSS 9.1
Find Similar
An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1 allows attackers to execute a bit flipping attack.
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise (DoS) attacks. An attacker might trick a user into using an URL with a d parameter set to an unh
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validate semicolons (;), carriage returns (\r), or newlin
A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation reque
Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.61 and 9.6.0-alpha.55, an authenticated user calling GET /users/me receive
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-
Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cow_http_te module) allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te accepts an unbounded number o
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to exc
Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks (for example: serialization/de
An insecure deserialization vulnerability exists in the download.php script of the to3k Twittodon application through commit b1c58a7d1dc664b38deb486ca290779621342c0b (2023-02-28). The 'obj' parameter
multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename* parameter con
In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in fill_frame_info() Syzbot reports the following uninit-value access problem. =====================
CVE-2025-55398
CRITICAL CVSS 9.8
Find Similar
An issue was discovered in mouse07410 asn1c thru 0.9.29 (2025-03-20) - a fork of vlm asn1c. In UPER (Unaligned Packed Encoding Rules), asn1c-generated decoders fail to enforce INTEGER constraints when