Web CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-40532	1 Telegram	1 Web K Alpha	2024-11-21	9.8 Critical
Telegram Web K Alpha before 0.7.2 mishandles the characters in a document extension.
CVE-2021-37596	1 Telegram	1 Web K Alpha	2024-11-21	6.1 Medium
Telegram Web K Alpha 0.6.1 allows XSS via a document name.
CVE-2018-20436	1 Telegram	2 Telegram, Web	2024-11-21	N/A
The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also affects one or more other Telegram products, such as Telegram Web-version 0.7.0. In addition, it can be interpreted as an SSRF issue. NOTE: a third party has reported that potentially unwanted behavior is caused by misconfiguration of the "Secret chats > Preview links" setting

Page 1 of 1.