2424 matches found

OSV
added 2023/04/06 2:15 p.m. · 2 views

CVE-2023-25062

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin = 2.9.9.2.8 versions...

4.8 CVSS · 5.8 AI score
Exploits 0 · References 1
Packet Storm
added 2023/04/06 12:0 a.m. · 208 views

EasyNas 1.1.0 Command Injection

Exploit Title: EasyNas 1.1.0 - OS Command Injection; Date: 2023-02-9; Exploit Author: Ivan Spiridonov; Author Blog: https://xbz0n.medium.com; Version: 1.0.0; Vendor home page: https://www.easynas.org; Authentication Required: Yes; CVE: CVE-2023-0830; #!/usr/bin/python3 import...

8.8 CVSS · 8.8 AI score · 0.20862 EPSS
Exploits 5
ATTACKERKB
added 2023/04/05 11:0 p.m. · 2 views

CVE-2023-20121

Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating...

6.7 CVSS · 6.7 AI score · 0.00201 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/04/04 12:0 a.m. · 3 views

PT-2023-19269 · Wpdevart · Wpdevart Responsive Vertical Icon Menu Plugin

Name of the Vulnerable Software and Affected Versions: wpdevart Responsive Vertical Icon Menu plugin versions 1.5.8 and earlier. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability requires authentication with admin or higher privileges...

5.9 CVSS · 4.8 AI score · 0.00392 EPSS
Exploits 0 · References 4
NCSC
added 2023/03/31 12:0 a.m. · 40 views

Vulnerabilities fixed in IBM QRadar SIEM and User Behavior Analytics

IBM fixed vulnerabilities in QRadar SIEM and User Behavior Analytics. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Manipulation of data; Circumvention of security...

9.8 CVSS · 7.5 AI score · 0.55367 EPSS
Exploits 71
OSV
added 2023/03/29 7:15 p.m. · 15 views

CVE-2022-42425

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

8.8 CVSS · 7.6 AI score
Exploits 0 · References 1
OSV
added 2023/03/29 7:15 p.m. · 15 views

CVE-2022-42424

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

8.8 CVSS · 7.6 AI score
Exploits 0 · References 1
Prion
added 2023/03/29 7:15 p.m. · 7 views

Design/Logic Flaw

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the contact groups configuration page. The issue results from the lack of proper validation of a...

6.5 CVSS · 8.9 AI score · 0.76134 EPSS
Exploits 0 · References 1 · Affected Software 1
ATTACKERKB
added 2023/03/29 3:15 p.m. · 0 views

CVE-2023-1575

The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.5 CVSS · 6 AI score · 0.00373 EPSS
Exploits 0 · References 3
Cvelist
added 2023/03/29 12:0 a.m. · 37 views

CVE-2022-42426

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

7.2 CVSS · 9.2 AI score · 0.0287 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/03/29 12:0 a.m. · 9 views

CVE-2022-27643

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the...

8.8 CVSS · 8.8 AI score · 0.24927 EPSS
Exploits 0 · References 2
Vulnrichment
added 2023/03/29 12:0 a.m. · 10 views

CVE-2022-42425

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

7.2 CVSS · 8.9 AI score · 0.76134 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/03/29 12:0 a.m. · 5 views

CVE-2022-42426

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

7.2 CVSS · 8.9 AI score · 0.0287 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/03/29 12:0 a.m. · 7 views

CVE-2022-43622

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Login requests to the web management portal. When...

8.8 CVSS · 8.8 AI score · 0.01006 EPSS
Exploits 0 · References 2
OSV
added 2023/03/28 7:15 p.m. · 2 views

CVE-2022-24973

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on...

8 CVSS · 6.2 AI score
Exploits 0 · References 1
NVD
added 2023/03/28 7:15 p.m. · 25 views

CVE-2022-24973

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on...

8 CVSS · 7.4 AI score · 0.00718 EPSS
Exploits 0 · References 1
OSV
added 2023/03/28 7:15 p.m. · 3 views

CVE-2022-0650

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on...

8 CVSS · 6.2 AI score · 0.00724 EPSS
Exploits 0 · References 1
Prion
added 2023/03/28 7:15 p.m. · 18 views

Stack overflow

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on...

5.2 CVSS · 8.1 AI score · 0.00718 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/03/28 12:0 a.m. · 10 views

CVE-2022-0650

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on...

6.8 CVSS · 8.1 AI score · 0.00724 EPSS
Exploits 0 · References 1
CVE
added 2023/03/28 12:0 a.m. · 91 views

CVE-2022-0650

This CVE affects TP-Link TL-WR940N routers (v3.20.1 Build 200316 Rel.34392n). The root cause is a lack of proper validation of the length of user-supplied data in the httpd service, copying into a fixed-length stack-based buffer. The vulnerability allows network-adjacent attackers to execute arbi...

8 CVSS · 7.4 AI score · 0.00724 EPSS
Exploits 0 · References 1 · Affected Software 1