CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

138 matches found

Github Security Blog•added 2023/06/15 9:30 p.m.•11 views

Magento Open Source allows Server-Side Request Forgery (SSRF)

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...

4.9CVSS7.1AI score0.00986EPSS

Exploits0References3Affected Software2

NVD•added 2023/06/15 7:15 p.m.•13 views

CVE-2023-29291

4.9CVSS5.1AI score0.00986EPSS

Exploits0References1

NVD•added 2023/06/15 7:15 p.m.•14 views

CVE-2023-29292

4.9CVSS5.1AI score0.00861EPSS

Exploits0References1

OSV•added 2023/06/15 7:15 p.m.•21 views

CVE-2023-29292

4.9CVSS7.1AI score

Exploits0References1

OSV•added 2023/06/15 7:15 p.m.•20 views

CVE-2023-29291

4.9CVSS7.1AI score

Exploits0References1

Prion•added 2023/06/15 7:15 p.m.•17 views

Server side request forgery (ssrf)

3.3CVSS5.8AI score0.00986EPSS

Exploits0References1Affected Software2

Cvelist•added 2023/06/15 12:0 a.m.•16 views

CVE-2023-29291 Server Side Request Forgery (SSRF) in USPS carrier integration configuration

4.9CVSS5.4AI score0.00986EPSS

Exploits0References1

CVE•added 2023/06/15 12:0 a.m.•108 views

CVE-2023-29292

CVE-2023-29292 affects Adobe Commerce (Magento) variants, including 2.4.6 and earlier, 2.4.5-p2 and earlier, and 2.4.4-p3 and earlier. The issue is a Server-Side Request Forgery (SSRF) that lets an admin-privileged, authenticated attacker force the application to make arbitrary URL requests, pote...

4.9CVSS5.5AI score0.00861EPSS

Exploits0References1Affected Software2

Adobe•added 2023/06/13 12:0 a.m.•180 views

APSB23-35 : Security update available for Adobe Commerce

Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, security feature bypass and arbitrary file system read...

7.4AI score

Exploits0Affected Software2

BDU FSTEC•added 2023/05/29 12:0 a.m.•3 views

The vulnerability of the libxpc library in MacOS operating systems allows attackers to modify any part of the file system at will.

The vulnerability of the libxpc library in MacOS operating systems is related to insecure management of privileges. Exploiting this vulnerability could allow an attacker to modify arbitrary parts of the file system...

5.3CVSS6.8AI score0.00682EPSS

Exploits0References3Affected Software1

NVD•added 2023/03/27 9:15 p.m.•22 views

CVE-2023-22247

Adobe Commerce versions 2.4.4-p2 and earlier and 2.4.5-p1 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of thi...

7.5CVSS7.7AI score0.00928EPSS

Exploits0References1

OSV•added 2023/03/27 9:15 p.m.•18 views

CVE-2023-22247

7.5CVSS7.6AI score

Exploits0References1

Prion•added 2023/03/27 9:15 p.m.•22 views

Design/Logic Flaw

5CVSS7.7AI score0.00928EPSS

Exploits0References1Affected Software2

Cvelist•added 2023/03/27 12:0 a.m.•28 views

CVE-2023-22247 Adobe Commerce XML Injection Arbitrary file system read

7.5CVSS7.9AI score0.00928EPSS

Exploits0References1

CVE•added 2023/03/27 12:0 a.m.•270 views

CVE-2023-22247

Adobe Commerce (Magento) XML Injection vulnerability CVE-2023-22247 affects 2.4.4-p2 and earlier, and 2.4.5-p1 and earlier. An unauthenticated attacker can force the application to make arbitrary requests by injecting URLs, potentially enabling arbitrary file system read. Impact is high for confi...

7.5CVSS7.7AI score0.00928EPSS

Exploits0References1Affected Software2

NVD•added 2023/03/23 8:15 p.m.•19 views

CVE-2023-26361

Adobe ColdFusion versions 2018 Update 15 and earlier and 2021 Update 5 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in Arbitrary file system read. Exploitation of this issue does not require user...

4.9CVSS4.9AI score0.62342EPSS

Exploits1References1

Prion•added 2023/03/23 8:15 p.m.•25 views

Path traversal

3.3CVSS5.2AI score0.62342EPSS

Exploits1References1Affected Software1

CVE•added 2023/03/23 12:0 a.m.•94 views

CVE-2023-26361

CVE-2023-26361 is an Adobe ColdFusion path-traversal vulnerability affecting 2018 Update 15 and earlier and 2021 Update 5 and earlier, enabling Arbitrary file system read. Exploitation does not require user interaction but requires administrator privileges. Remediation per APSB23-25 is to apply t...

4.9CVSS4.8AI score0.62342EPSS

Exploits1References1Affected Software1

Adobe•added 2023/03/14 12:0 a.m.•405 views

APSB23-17 : Security update available for Adobe Commerce

6.1AI score

Exploits0Affected Software2

Vulnrichment•added 2022/12/19 10:0 a.m.•7 views

CVE-2022-42343 Adobe Campaign Classic Server-Side Request Forgery Arbitrary file system read

Adobe Campaign version 7.3.1 and earlier and 8.3.9 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URL...

6.5CVSS6.5AI score0.01364EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by