CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2024/03/06 11:9 a.m.•33 views

BIT-TOMCAT-2022-42252 Apache Tomcat request smuggling via malformed content-length

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0 to 9.0.67, 10.0.0 to 10.0.26 or 10.1.0 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false the default for 8.5.x only, Tomcat did not reject a request containing an invalid Content-Length header making a request...

7.5CVSS6.7AI score0.0029EPSS

OSV•added 2024/03/06 10:57 a.m.•15 views

BIT-DRUPAL-2020-13668 Access bypass in Drupal Core 8/9

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

6.1CVSS6.5AI score0.00223EPSS

OSV•added 2024/03/06 10:57 a.m.•14 views

BIT-DRUPAL-2020-13670

Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prio...

7.5CVSS7.3AI score0.00427EPSS

CNNVD•added 2024/01/22 12:0 a.m.•2 views

Splunk Security Breach

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. A...

4.6CVSS6.6AI score0.00155EPSS

CNNVD•added 2024/01/22 12:0 a.m.•1 views

Splunk Security Breach

6.5CVSS6.7AI score0.00069EPSS

Tenable Nessus•added 2023/03/08 12:0 a.m.•21 views

ZK Framework < 8.6.4.2 / 9.0.x < 9.0.1.3 / 9.5.x < 9.5.1.4 / 9.6.0.x < 9.6.0.2 / 9.6.x < 9.6.2 Authentication Bypass

ZK is a popular Java Web framework for building enterprise Web applications. By forging a POST request to the AuUpload ZK serverlets, an unauthenticated attacker can retrieve the content of a file located in the web context. No source data...

7.5CVSS8.4AI score0.93942EPSS

Exploits5References3

Tenable Nessus•added 2023/02/10 12:0 a.m.•17 views

HCLTech Domino SEoL (9.0.x)

According to its version, HCLTech Domino is 9.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 70300 C...

5.5AI score

OpenVAS•added 2023/01/03 12:0 a.m.•21 views

ISC BIND DoS Vulnerability (CVE-2016-1286) - Windows

ISC BIND is prone to a denial of service DoS vulnerability. Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

8.6CVSS8.4AI score0.53591EPSS

Tenable Nessus•added 2022/08/11 12:0 a.m.•61 views

Palo Alto Networks PAN-OS 8.1.x < 8.1.23-h1 / 9.0.x < 9.0.16-h3 / 9.1.x < 9.1.14-h4 / 10.0.x < 10.0.11-h1 / 10.1.x < 10.1.6-h6 / 10.2.x < 10.2.2-h2 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.23-h1 or 9.0.x prior to 9.0.16-h3 or 9.1.x prior to 9.1.14-h4 or 10.0.x prior to 10.0.11-h1 or 10.1.x prior to 10.1.6-h6 or 10.2.x prior to 10.2.2-h2. It is, therefore, affected by a vulnerability. - A PAN-O...

8.6CVSS8.1AI score0.04682EPSS

ATTACKERKB•added 2022/07/27 9:15 p.m.•3 views

CVE-2022-36956

In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. The affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1...

9CVSS6.1AI score0.00357EPSS

NVD•added 2022/07/27 9:15 p.m.•12 views

CVE-2022-36956

9CVSS0.00357EPSS

Prion•added 2022/07/27 9:15 p.m.•13 views

Command injection

4.6CVSS7.7AI score0.00357EPSS

Exploits0References1Affected Software1

Cvelist•added 2022/07/27 8:57 p.m.•20 views

CVE-2022-36956

9CVSS9.4AI score0.00357EPSS

OSV•added 2022/05/24 7:5 p.m.•27 views

GHSA-QF2G-MRRX-RR5P Drupal Core Cross-site scripting vulnerability

Cross-site scripting vulnerability in Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0.6...

6.1CVSS6AI score0.0034EPSS