Search Vulnerabilities

fast-jwt: Stateful RegExp (/g or /y) causes non-deterministic allowed-claim validation (logical DoS)

Apr 9, 2026

CVE-2026-34574

Parse Server: Session field immutability bypass via falsy-value guard

CVE-2026-34210

mppx has Stripe charge credential replay via missing idempotency check

CVE-2026-32322

soroban-sdk: `Fr` scalar field equality comparison bypasses modular reduction

Mar 12, 2026

CVE-2026-26275

httpsig-hyper has Improper Digest Verification that May Allow Message Integrity Bypass

Feb 19, 2026

CVE-2026-21691

iccDEV has Type Confusion in CIccTag:IsTypeCompressed()

Jan 7, 2026

CVE-2025-20343

Cisco Identity Services Engine Radius Suppression Denial of Service Vulnerability

CVE-2025-12192

The Events Calendar <= 6.15.9 - Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposure

CVE-2025-47416

ConsoleFindCommandMatchList

Sep 9, 2025

CVE-2025-9401

HuangDou UTCMS Login login.php comparison

Aug 25, 2025

CVE-2025-48952

NetAlertX has Password Bypass Vulnerability due to Loose Comparison in PHP

Jul 4, 2025

CVE-2025-3102

SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation

Apr 10, 2025

CVE-2024-53861

Issuer field partial matches allowed in pyjwt

Nov 29, 2024

CVE-2024-39534

Junos OS Evolved: Connections to the network and broadcast address accepted

Oct 11, 2024

CVE-2024-41958

Two-Factor Authentication (2FA) Bypass in mailcow: dockerized

Aug 5, 2024

CVE-2024-24621

Softaculous Webuzo Authentication Bypass

Jul 25, 2024

CVE-2024-34340

Authentication Bypass when using using older password hashes

May 13, 2024

CVE-2024-28246

KaTeX is missing normalization of the protocol in URLs allows bypassing forbidden protocols

Mar 25, 2024

CVE-2024-29026

Owncast cross origin request

Mar 20, 2024

CVE-2015-10129

planet-freo auth.inc.php comparison

Feb 4, 2024

Showing 1 - 20 of 1,000+ results

...

Searching...

Filters

1,000+ results

CVE-2026-35040

fast-jwt: Stateful RegExp (/g or /y) causes non-deterministic allowed-claim validation (logical DoS)

Apr 9, 2026

CVE-2026-34574

Parse Server: Session field immutability bypass via falsy-value guard

CVE-2026-34210

mppx has Stripe charge credential replay via missing idempotency check

CVE-2026-32322

soroban-sdk: `Fr` scalar field equality comparison bypasses modular reduction

Mar 12, 2026

CVE-2026-26275

httpsig-hyper has Improper Digest Verification that May Allow Message Integrity Bypass

Feb 19, 2026

CVE-2026-21691

iccDEV has Type Confusion in CIccTag:IsTypeCompressed()

Jan 7, 2026

CVE-2025-20343

Cisco Identity Services Engine Radius Suppression Denial of Service Vulnerability

CVE-2025-12192

The Events Calendar <= 6.15.9 - Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposure

CVE-2025-47416

ConsoleFindCommandMatchList

Sep 9, 2025

CVE-2025-9401

HuangDou UTCMS Login login.php comparison

Aug 25, 2025

CVE-2025-48952

NetAlertX has Password Bypass Vulnerability due to Loose Comparison in PHP

Jul 4, 2025

CVE-2025-3102

SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation

Apr 10, 2025

CVE-2024-53861

Issuer field partial matches allowed in pyjwt

Nov 29, 2024

CVE-2024-39534

Junos OS Evolved: Connections to the network and broadcast address accepted

Oct 11, 2024

CVE-2024-41958

Two-Factor Authentication (2FA) Bypass in mailcow: dockerized

Aug 5, 2024

CVE-2024-24621

Softaculous Webuzo Authentication Bypass

Jul 25, 2024

CVE-2024-34340

Authentication Bypass when using using older password hashes

May 13, 2024

CVE-2024-28246

KaTeX is missing normalization of the protocol in URLs allows bypassing forbidden protocols

Mar 25, 2024

CVE-2024-29026

Owncast cross origin request

Mar 20, 2024

CVE-2015-10129