Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (21 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-29904 1 Jetbrains 1 Ktor 2025-07-12 5.3 Medium
In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible
CVE-2022-48476 1 Jetbrains 1 Ktor 2025-02-04 7.5 High
In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible
CVE-2023-34339 1 Jetbrains 1 Ktor 2025-01-08 3.3 Low
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message
CVE-2024-49580 1 Jetbrains 1 Ktor 2024-12-06 5.3 Medium
In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure
CVE-2023-45613 1 Jetbrains 1 Ktor 2024-11-21 6.8 Medium
In JetBrains Ktor before 2.3.5 server certificates were not verified
CVE-2023-45612 1 Jetbrains 1 Ktor 2024-11-21 8.6 High
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
CVE-2022-38180 1 Jetbrains 1 Ktor 2024-11-21 5.3 Medium
In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases
CVE-2022-38179 1 Jetbrains 1 Ktor 2024-11-21 4.7 Medium
JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack
CVE-2022-29930 1 Jetbrains 1 Ktor 2024-11-21 8.7 High
SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1.
CVE-2022-29035 1 Jetbrains 1 Ktor 2024-11-21 3.3 Low
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations
CVE-2021-43203 1 Jetbrains 1 Ktor 2024-11-21 7.5 High
In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.
CVE-2021-25763 1 Jetbrains 1 Ktor 2024-11-21 5.3 Medium
In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.
CVE-2021-25762 1 Jetbrains 1 Ktor 2024-11-21 5.3 Medium
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.
CVE-2021-25761 1 Jetbrains 1 Ktor 2024-11-21 5.3 Medium
In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.
CVE-2020-5207 1 Jetbrains 1 Ktor 2024-11-21 5.4 Medium
In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.
CVE-2020-26129 1 Jetbrains 1 Ktor 2024-11-21 6.5 Medium
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.
CVE-2019-19703 1 Jetbrains 1 Ktor 2024-11-21 6.1 Medium
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
CVE-2019-19389 1 Jetbrains 1 Ktor 2024-11-21 5.4 Medium
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.
CVE-2019-12737 1 Jetbrains 1 Ktor 2024-11-21 5.3 Medium
UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.
CVE-2019-12736 1 Jetbrains 1 Ktor 2024-11-21 9.8 Critical
JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.