
4774 matches found

IBM Security Bulletins
added 2023/03/28 9:19 p.m. | 23 views

Security Bulletin: There are several vulnerabilities in TinyMCE used by IBM Maximo Manage application in IBM Maximo Application Suite

Summary There are several vulnerabilities in TinyMCE used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-23494 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.00905
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2023/03/28 1:29 p.m. | 31 views

Security Bulletin: There is a security vulnerability in TinyMCE used by IBM Maximo for Civil Infrastructure in Maximo Application Suite (CVE-2022-23494)

Summary There is a security vulnerability in TinyMCE used by IBM Maximo for Civil Infrastructure in Maximo Application Suite Vulnerability Details CVEID:CVE-2022-23494 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00905
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2023/03/13 4:37 p.m. | 44 views

Security Bulletin: EBICS Client of IBM Sterling B2B Integrator vulnerable to multiple issues due to jQuery

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities in jQuery. Vulnerability Details CVEID:CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated...

CVSS: 6.9 | AI score: 7.2 | EPSS: 0.99019
Exploits: 19 | Affected Software: 1

F5 Networks
added 2023/02/21 8:2 p.m. | 21 views

K58243048: Considerations for transferring files from F5 devices

Security Advisory Description The BIG-IP system uses Secure Vault, a secure SSL-encrypted storage system, to securely store sensitive data such as SSL key passphrases, users, and administrator and services passwords. However, files transferred from an F5 device including products listed in the...

AI score: 6.8
Exploits: 0

CNNVD
added 2023/02/15 12:0 a.m. | 2 views

ScreenCheck BadgeMaker Security Vulnerability

ScreenCheck BadgeMaker is a suite of applications from ScreenCheck that allow clients to design, create and manipulate identity badges. A security vulnerability exists in ScreenCheck BadgeMaker version 2.6.2.0, which stems from the presence of an information leak that can be exploited by an insid...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00503
Exploits: 1 | References: 2

IBM Security Bulletins
added 2023/02/01 8:8 p.m. | 79 views

Security Bulletin: Vulnerability in bpmn affects IBM Process Mining. WS-2019-0148

Summary There is a vulnerability in bpmn that could allow a remote attacker to execute a malicious script due to XSS. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details IBM X-Force ID: 221056 DESCRIPTION...

AI score: 7.2
Exploits: 0 | Affected Software: 1

OpenVAS
added 2023/01/27 12:0 a.m. | 17 views

Ubuntu: Security Advisory (USN-4769-1)

The remote host is missing an update for the...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.05199
Exploits: 0 | References: 2

CNNVD
added 2023/01/23 12:0 a.m. | 4 views

Pgpool-II Security Vulnerability

Pgpool-II is an open source cluster management tool from PgPool Global Development Group. Pgpool-II has a security vulnerability in which the authentication information of a specific database user may be obtained by other database users; the information stored in the database may be...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00704
Exploits: 0 | References: 5

IBM Security Bulletins
added 2023/01/03 3:55 p.m. | 62 views

Security Bulletin: B2B API of IBM Sterling B2B Integrator vulnerable to multiple issues due to CKEditor

Summary IBM Sterling B2B Integrator has addressed the CKEditor security vulnerabilities in B2B API. Vulnerability Details CVEID:CVE-2021-32808 DESCRIPTION: CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the clipboard Widget plugin if used...

CVSS: 8.2 | AI score: 7.3 | EPSS: 0.02448
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/10/06 4:41 a.m. | 37 views

Security Bulletin: A vulnerability in Apache CXF affects IBM Tivoli Business Service Manager (CVE-2020-13954)

Summary A vulnerability has been identified in Apache CXF shipped with IBM Tivoli Business Manager 6.2.0 as part of its web service infrastructure. Information about security vulnerabilities affecting Apache CXF has been published in a security bulletin. Vulnerability Details CVEID:CVE-2020-13954...

CVSS: 6.1 | AI score: 6.6 | EPSS: 0.42993
Exploits: 0 | Affected Software: 1

NVD
added 2022/09/29 3:15 a.m. | 15 views

CVE-2012-2160

IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPPTEMPLATEFLAG parameter in a specially-crafted URL to execute script in a victim's Web browser within the security...

CVSS: 6.1 | EPSS: 0.00931
Exploits: 0 | References: 2

IBM Security Bulletins
added 2022/09/25 11:13 p.m. | 25 views

Security Bulletin: Possible Security Exposure in WebSphere Application Server CVE-2013-0597 PM85834

Abstract Potential security exposure in WebSphere Application Server Content VULNERABILITY DETAILS: CVE ID:CVE-2013-0597 PM85834 and PM87131 DESCRIPTION: WebSphere Application Server using OAuth could allow a remote attacker to obtain someone else's credentials. A remote attacker could exploit th...

CVSS: 3.5 | AI score: 7.6 | EPSS: 0.01449
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/09/25 11:9 p.m. | 26 views

Security Bulletin: Cross-Site Scripting vulnerability exists in IBM InfoSphere Master Data Management - Collaborative Edition (CVE-2013-4036)

Abstract IBM InfoSphere Master Data Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious scripts into a web page which would be executed in a victim's web browser within the...

CVSS: 3.5 | AI score: 0.2 | EPSS: 0.00759
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2022/09/25 10:31 p.m. | 17 views

Security Bulletin: IBM Tivoli Directory Server Cross-Site scripting vulnerability with the Web Admin Tool (CVE-2012-0740)

Abstract IBM Tivoli Directory Server is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Web Admin Tool. Content VULNERABILITY DETAILS: CVE ID: CVE-2012-0740 DESCRIPTION: IBM Tivoli Directory Server TDS is vulnerable to cross-site scripting, caused b...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.01951
Exploits: 0 | Affected Software: 1

CNVD
added 2022/09/16 12:0 a.m. | 26 views

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2022-87162)

Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. Adobe Experience Manager has a cross-site scripting vulnerability that could be exploited by attackers to steal a victim's cookie-based authentication...

CVSS: 5.4 | AI score: 3.9 | EPSS: 0.0051
Exploits: 0 | References: 1

CNVD
added 2022/09/16 12:0 a.m. | 25 views

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2022-87163)

Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. Adobe Experience Manager has a cross-site scripting vulnerability that could be exploited by attackers to steal a victim's cookie-based authentication...

CVSS: 5.4 | AI score: 3.9 | EPSS: 0.0051
Exploits: 0 | References: 1

OSV
added 2022/09/14 11:15 a.m. | 28 views

CVE-2022-36436

OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by a vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC session. A remote attacke...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.01636
Exploits: 1 | References: 4

IBM Security Bulletins
added 2022/08/30 4:38 p.m. | 60 views

Security Bulletin: IBM TRIRIGA discloses CVE-2019-10219

Summary IBM TRIRIGA discloses CVE-2019-10219 Vulnerability Details CVEID:CVE-2019-10219 DESCRIPTION: Hibernate-Validator is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the SafeHtml validator annotation A remote attacker could exploit this...

CVSS: 6.5 | AI score: 7.4 | EPSS: 0.02167
Exploits: 0 | Affected Software: 1

NVD
added 2022/08/29 4:15 p.m. | 17 views

CVE-2022-27546

HCL iNotes is susceptible to a Reflected Cross-site Scripting XSS vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser with...

CVSS: 8.3 | EPSS: 0.00533
Exploits: 0 | References: 1

Cvelist
added 2022/08/29 4:0 p.m. | 19 views

CVE-2022-27546 HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability

HCL iNotes is susceptible to a Reflected Cross-site Scripting XSS vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser with...

CVSS: 8.3 | AI score: 7.8 | EPSS: 0.00533
Exploits: 0 | References: 1