1826 matches found
K36926027: NGINX Controller vulnerability CVE-2021-23021
Security Advisory Description: The agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644. CVE-2021-23021. Impact: Local attackers are able to obtain sensitive data, such as the API key. Security Advisory Status: F5 Product Development...
Misp-Extractor - Tool That Connects To A MISP Instance And Retrieves Attributes Of Specific Types (Such As IP Addresses, URLs, And Hashes)
This code connects to a given MISP (Malware Information Sharing Platform) server and parses a given number of events, writing the IP addresses, URLs, and MD5 hashes found in the events to three separate files. Usage: To use this script, you will need to provide the URL of your MISP instance and a...
Campaign URL Builder < 1.8.2 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The shortcode need to be active can be done...
SUSE CVE-2022-24812
Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructe...
SUSE CVE-2023-22497
Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has...
Usersnap < 4.17 - Admin+ Stored XSS
The plugin does not sanitise and escape its API Key settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2022-43922
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583...
Code injection
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583...
CVE-2022-43922 IBM App Connect Enterprise Certified Container information disclosure
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583...
Improper Neutralization of Equivalent Special Elements
Overview: Affected versions of this package are vulnerable to Improper Neutralization of Equivalent Special Elements due to a possible HTML injection via deleting an account's API key that has a payload as its label. Remediation: Upgrade BTCPayServer.Client to version 1.7.5 or higher. References -...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that run with designerFlowsOperationMode set to "all" may be vulnerable to loss of confidentiality due to CVE-2022-43922
Summary: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that run with designerFlowsOperationMode set to "all" would require an API Key to be defined for a cloud-hosted instance of IBM App Connect. If an OpenShift secret was not created manually for this API Key then the...
Stored HTML Injection
Team, I hope you are all doing well. I wanted to bring to your attention a potential vulnerability on the website https://mainnet.demo.btcpayserver.org/account/apikeys. During my research, I discovered that the API key label field is vulnerable to a stored HTML injection attack. Proof of...
Introducing Proactive API Leak Management
Read the press release announcing the early release of Wallarm API Leak Management The recent surge in hacks involving leaked API Keys and other API secrets such as credentials, passwords, certificates, tokens and encryption keys has put everyone involved on notice – organizations need a way to...
CVE-2023-22497
Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has...
UBUNTU-CVE-2023-22497
Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has...
Design/Logic Flaw
Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has...
CVE-2023-22497 Netdata is vulnerable to improper authentication
Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has...