Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

4200 matches found

OSV
OSVadded 2020/01/30 7:15 p.m.2 views

DEBIAN-CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

6.5CVSS7.1AI score0.06617EPSS
Exploits1References1
OSV
OSVadded 2020/01/27 5:15 p.m.5 views

CVE-2019-19825

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an "topicurl":"setting/getSanvas" POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform...

9.8CVSS5.8AI score0.29557EPSS
Exploits3References4
Prion
Prionadded 2020/01/27 5:15 p.m.20 views

Design/Logic Flaw

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an "topicurl":"setting/getSanvas" POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform...

7.5CVSS9.2AI score0.29557EPSS
Exploits3References4Affected Software8
Cvelist
Cvelistadded 2020/01/27 4:50 p.m.31 views

CVE-2019-19825

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an "topicurl":"setting/getSanvas" POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform...

9.4AI score0.29557EPSS
Exploits3References4
ThreatPost
ThreatPostadded 2020/01/27 2:16 p.m.66 views

Mandatory IoT Security in the Offing with U.K. Proposal

The U.K. government has unveiled a proposed law aimed at securing internet of things IoT devices, which have historically been riddled with basic security issues. The drafted law, announced on Monday, comprises three main mandates for IoT manufacturers. First, all consumer IoT device passwords mu...

0.5AI score
Exploits0References12
ATTACKERKB
ATTACKERKBadded 2019/12/30 10:15 p.m.2 views

CVE-2013-0196

A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser...

6.5CVSS5.4AI score0.00435EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologiesadded 2019/12/30 12:0 a.m.5 views

PT-2019-6836 · Red Hat · Openshift Enterprise

Name of the Vulnerable Software and Affected Versions: OpenShift Enterprise version 1.2 Description: A CSRF issue was found in the web console, which uses 'Basic authentication', and the REST API lacks a CSRF attack protection mechanism. This allows an attacker to obtain credentials and the...

6.5CVSS6.3AI score0.00435EPSS
Exploits1References4
Metasploit
Metasploitadded 2019/12/26 10:12 a.m.71 views

Apache Solr Remote Code Execution via Velocity Template

This module exploits a vulnerability in Apache Solr 'Apache Solr Remote Code Execution via Velocity Template', 'Description' = %q This module exploits a vulnerability in Apache Solr = 8.3.0 which allows remote code execution via a custom Velocity template. Currently, this module only supports Sol...

7.5CVSS8.1AI score0.98567EPSS
Exploits12
BDU FSTEC
BDU FSTECadded 2019/12/23 12:0 a.m.6 views

The vulnerability of VBScript script handlers in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of VBScript script handlers in Windows operating systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, using a specially crafted web page or document...

7.6CVSS7.7AI score0.06435EPSS
Exploits0References3Affected Software1
NVD
NVDadded 2019/12/13 10:15 p.m.32 views

CVE-2019-19796

Yabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source file...

7.8CVSS7.7AI score0.00778EPSS
Exploits1References1
UbuntuCve
UbuntuCveadded 2019/12/13 10:15 p.m.18 views

CVE-2019-19796

Yabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source file...

7.8CVSS7.3AI score0.00778EPSS
Exploits1References2
Debian CVE
Debian CVEadded 2019/12/13 9:59 p.m.22 views

CVE-2019-19796

Yabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source file...

7.8CVSS3.7AI score0.00778EPSS
Exploits1
Cvelist
Cvelistadded 2019/12/13 9:59 p.m.37 views

CVE-2019-19796

Yabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source file...

7.7AI score0.00778EPSS
Exploits1References1
NVD
NVDadded 2019/12/11 4:15 a.m.24 views

CVE-2019-19720

Yabasic 2.86.1 has a heap-based buffer overflow in the yylex function in flex.c via a crafted BASIC source file...

8.8CVSS8.8AI score0.01249EPSS
Exploits1References2
OSV
OSVadded 2019/12/11 4:15 a.m.3 views

DEBIAN-CVE-2019-19720

Yabasic 2.86.1 has a heap-based buffer overflow in the yylex function in flex.c via a crafted BASIC source file...

8.8CVSS7.4AI score0.01249EPSS
Exploits1References1
OSV
OSVadded 2019/12/11 4:15 a.m.29 views

CVE-2019-19720

Yabasic 2.86.1 has a heap-based buffer overflow in the yylex function in flex.c via a crafted BASIC source file...

8.8CVSS7.2AI score
Exploits0References2
OSV
OSVadded 2019/12/11 4:15 a.m.1 views

UBUNTU-CVE-2019-19720

Yabasic 2.86.1 has a heap-based buffer overflow in the yylex function in flex.c via a crafted BASIC source file...

8.8CVSS7.5AI score0.01249EPSS
Exploits1References4
Debian CVE
Debian CVEadded 2019/12/11 3:22 a.m.22 views

CVE-2019-19720

Yabasic 2.86.1 has a heap-based buffer overflow in the yylex function in flex.c via a crafted BASIC source file...

8.8CVSS4.2AI score0.01249EPSS
Exploits1
Pen Test Partners Blog
Pen Test Partners Blogadded 2019/12/10 11:56 a.m.15 views

Xmas Light Security Improves… a bit

We've looked at smart Xmas lights before; whilst they were vulnerable, there was no consequence to the hack other than making them flash in a different order! In 2018 we looked at the all-new Twinkly smart festive lights. We found a number of security issues, reported them to the vendor and to a...

6.9AI score
Exploits0
NVD
NVDadded 2019/12/05 4:15 p.m.15 views

CVE-2013-0243

haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections...

7.4CVSS7.4AI score0.01047EPSS
Exploits0References3
Rows per page
Query Builder