5836 matches found

Cvelist
added 2023/01/18 12:0 a.m. | 31 views

CVE-2022-4235

RushBet version 2022.23.1-b490616d allows a remote attacker to steal customer accounts via use of a malicious application. This is possible because the application exposes an activity and does not properly validate the data it receives...

5.8 AI score | 0.00566 EPSS
Exploits 1 | References 1

Zero Day Initiative
added 2023/01/18 12:0 a.m. | 27 views

Adobe Acrobat Reader DC Font Parsing Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

7.8 CVSS | 7.8 AI score | 0.04945 EPSS
Exploits 0 | References 1

Zero Day Initiative
added 2023/01/18 12:0 a.m. | 36 views

Adobe Acrobat Reader DC Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8 CVSS | 7.6 AI score | 0.02574 EPSS
Exploits 0 | References 1

CVE
added 2023/01/18 12:0 a.m. | 93 views

CVE-2023-0040

CVE-2023-0040 affects Async HTTP Client prior to 1.13.2. The root cause is insufficient validation of HTTP header field values, enabling CRLF injection that can inject new HTTP header fields or requests into the data stream. Impact described in the connected documents notes that remote servers ma...

7.5 CVSS | 7.7 AI score | 0.00549 EPSS
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2023/01/18 12:0 a.m. | 7 views

CVE-2022-4235

RushBet version 2022.23.1-b490616d allows a remote attacker to steal customer accounts via use of a malicious application. This is possible because the application exposes an activity and does not properly validate the data it receives...

5.8 AI score | 0.00566 EPSS
Exploits 1 | References 1

UbuntuCve
added 2023/01/17 9:15 p.m. | 277 views

CVE-2023-22727

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

9.8 CVSS | 7.1 AI score | 0.00858 EPSS
Exploits 0 | References 4

CNNVD
added 2022/12/08 12:0 a.m. | 3 views

SAMSUNG Gear IconX PC Manager Data Forgery Vulnerability

SAMSUNG Gear IconX PC Manager is used to transfer music files from PC to Gear IconX by Samsung South Korea. A security vulnerability exists in SAMSUNG Gear IconX PC Manager versions prior to 2.1.221019.51, which stems from insufficient validation of data authenticity. An attacker could exploit th...

7.1 CVSS | 6 AI score | 0.00148 EPSS
Exploits 0 | References 2

Microsoft CVE
added 2022/12/05 8:0 a.m. | 47 views

Chromium: CVE-2022-4190 Insufficient data validation in Directory

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8 CVSS | 8.4 AI score | 0.00662 EPSS
Exploits 0

CVE
added 2022/12/01 8:38 p.m. | 70 views

CVE-2022-41968

Nextcloud Server vulnerability CVE-2022-41968: calendar name lengths were not validated before writing to the database, affecting versions prior to 23.0.10 and 24.0.5. Patches are available in 23.0.10 and 24.0.5; no public workarounds are documented. Connected advisories corroborate the issue as ...

5.3 CVSS | 4.5 AI score | 0.00846 EPSS
Exploits 0 | References 3 | Affected Software 1

Nextcloud
added 2022/12/01 9:31 a.m. | 26 views

Calendar name length not validated before writing to database

None...

5.3 CVSS | 5.5 AI score | 0.00846 EPSS
Exploits 0 | References 2 | Affected Software 1

OSV
added 2022/11/30 12:15 a.m. | 16 views

CVE-2022-4190

Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...

8.8 CVSS | 5.2 AI score
Exploits 0 | References 4

NVD
added 2022/11/30 12:15 a.m. | 14 views

CVE-2022-4190

Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...

8.8 CVSS | 0.00662 EPSS
Exploits 0 | References 4

OSV
added 2022/11/30 12:15 a.m. | 1 views

DEBIAN-CVE-2022-4190

Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...

8.8 CVSS | 8.4 AI score | 0.00662 EPSS
Exploits 0 | References 1

UbuntuCve
added 2022/11/30 12:15 a.m. | 23 views

CVE-2022-4190

Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...

8.8 CVSS | 7.2 AI score | 0.00662 EPSS
Exploits 0 | References 3

Prion
added 2022/11/30 12:15 a.m. | 18 views

Input validation

Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...

6.8 CVSS | 7.8 AI score | 0.00662 EPSS
Exploits 0 | References 4 | Affected Software 1

CNNVD
added 2022/11/30 12:0 a.m. | 3 views

Google Chrome Security Vulnerability

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that is caused by insufficient data validation in Directory. An attacker can exploit this vulnerability to bypass security restrictions...

8.8 CVSS | 8.6 AI score | 0.00662 EPSS
Exploits 0 | References 7

CNVD
added 2022/11/30 12:0 a.m. | 26 views

Google Chrome Security Bypass Vulnerability (CNVD-2023-04547)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that is caused by insufficient data validation in Directory. An attacker can exploit this vulnerability to bypass security restrictions...

8.8 CVSS | 8.3 AI score | 0.00662 EPSS
Exploits 0 | References 1

CNVD
added 2022/11/29 12:0 a.m. | 22 views

uatech Badaso Remote Command Execution Vulnerability

Badaso is an open source Laravel Vue headless CMS. A remote command execution vulnerability exists in uatech Badaso version 2.6.3, which stems from a failure to properly validate user uploaded data and can be exploited by an unauthenticated, remote attacker to remotely execute arbitrary code on t...

9.8 CVSS | 9.8 AI score | 0.01813 EPSS
Exploits 1 | References 1

WPVulnDB
added 2022/11/29 12:0 a.m. | 12 views

Appointment Hour Booking < 1.3.73 - CSV Injection

The plugin does not validate data when outputting it back in a CSV file, which could lead to CSV injection...

7.8 CVSS | 1.1 AI score | 0.00614 EPSS
Exploits 1 | Affected Software 1

Cvelist
added 2022/11/29 12:0 a.m. | 25 views

CVE-2022-4190

Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...

8.1 AI score | 0.00662 EPSS
Exploits 0 | References 4