
5104 matches found

Veracode
added 2021/07/14 11:46 a.m., 8 views

Information Disclosure

PuTTY is vulnerable to information disclosure. It proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt that the attacker can use to...

CVSS 8.1, AI score 6.3, EPSS 0.01106
Exploits 0, References 6, Affected Software 1
OSV
added 2021/07/09 9:15 p.m., 2 views

ALPINE-CVE-2021-36367

PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt that the attacker can use to capture credential data, and use...

CVSS 8.1, AI score 7, EPSS 0.01106
Exploits 0, References 1
Prion
added 2021/07/09 9:15 p.m., 20 views

Design/Logic Flaw

PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt that the attacker can use to capture credential data, and use...

CVSS 5.8, AI score 8, EPSS 0.01106
Exploits 0, References 3, Affected Software 1
OSV
added 2021/07/09 9:15 p.m., 2 views

UBUNTU-CVE-2021-36367

PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt that the attacker can use to capture credential data, and use...

CVSS 8.1, AI score 7.2, EPSS 0.01106
Exploits 0, References 4
Hacker One
added 2021/07/03 5:36 p.m., 18 views

Glassdoor: CSS injection via link tag whitelisted-domain bypass - https://www.glassdoor.com

Summary: It is possible to load an arbitrary .css file, bypassing the protections by adding the domain https://www.glassdoor.com in a parameter/path. Affected URL or select Asset from In-Scope: -...

AI score 0.4
Exploits 0
OSV
added 2021/07/01 4:15 p.m., 6 views

CVE-2020-4935

IBM Datacap Fastdoc Capture IBM Datacap Navigator 9.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVSS 5.4, AI score 5.4, EPSS 0.00495
Exploits 0, References 2
NVD
added 2021/07/01 4:15 p.m., 21 views

CVE-2020-4935

IBM Datacap Fastdoc Capture IBM Datacap Navigator 9.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVSS 5.4, EPSS 0.00495
Exploits 0, References 2
OSV
added 2021/07/01 4:15 p.m., 5 views

CVE-2020-4902

IBM Datacap Taskmaster Capture IBM Datacap Navigator 9.1.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191045...

CVSS 8.8, AI score 6.8, EPSS 0.00968
Exploits 0, References 2
Prion
added 2021/07/01 4:15 p.m., 14 views

Cross site scripting

IBM Datacap Fastdoc Capture IBM Datacap Navigator 9.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVSS 3.5, AI score 5.1, EPSS 0.00495
Exploits 0, References 2, Affected Software 1
Cvelist
added 2021/07/01 3:40 p.m., 23 views

CVE-2020-4935

IBM Datacap Fastdoc Capture IBM Datacap Navigator 9.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVSS 5.4, AI score 5.2, EPSS 0.00495
Exploits 0, References 2
CVE
added 2021/07/01 3:40 p.m., 70 views

CVE-2020-4935

CVE-2020-4935 affects IBM Datacap Fastdoc Capture (Datacap Navigator 9.1.7). A cross-site scripting (XSS) vulnerability allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. The IBM Security Bulletin confirms the issue and pro...

CVSS 5.4, AI score 5.2, EPSS 0.00495
Exploits 0, References 2, Affected Software 1
CNVD
added 2021/07/01 12:0 a.m., 10 views

IBM Datacap Fastdoc Capture Cross-Site Scripting Vulnerability

IBM Datacap Fastdoc Capture is a client-only capture software solution from IBM USA that automatically indexes scanned documents for accurate storage and retrieval. A cross-site scripting vulnerability exists in IBM Datacap Fastdoc Capture that stems from a lack of proper validation of client-sid...

CVSS 5.4, AI score 6.2, EPSS 0.00495
Exploits 0, References 1
CNVD
added 2021/07/01 12:0 a.m., 8 views

IBM Datacap Taskmaster Capture SQL Injection Vulnerability

IBM Datacap Taskmaster Capture is a complete solution for document and data capture from IBM USA. Data and document images can be scanned, categorized, identified, validated, verified and exported quickly, accurately and cost-effectively. IBM Datacap Taskmaster Capture suffers from a SQL injectio...

CVSS 8.8, AI score 7.4, EPSS 0.00968
Exploits 0, References 1
ATTACKERKB
added 2021/06/30 12:0 a.m., 3 views

CVE-2020-4902

IBM Datacap Taskmaster Capture IBM Datacap Navigator 9.1.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191045...

CVSS 8.8, AI score 5.7, EPSS 0.00968
Exploits 0, References 3, Affected Software 1
CNNVD
added 2021/06/30 12:0 a.m., 3 views

IBM Datacap Taskmaster Capture SQL Injection Vulnerability

IBM Datacap Taskmaster Capture is a complete solution for document and data capture from IBM USA. Data and document images can be scanned, categorized, identified, validated, verified and exported quickly, accurately and cost-effectively. IBM Datacap Taskmaster Capture suffers from a SQL injectio...

CVSS 8.8, AI score 6, EPSS 0.00968
Exploits 0, References 3
ATTACKERKB
added 2021/06/30 12:0 a.m., 2 views

CVE-2020-4935

IBM Datacap Fastdoc Capture IBM Datacap Navigator 9.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVSS 5.4, AI score 5, EPSS 0.00495
Exploits 0, References 3, Affected Software 1
CNNVD
added 2021/06/30 12:0 a.m., 3 views

IBM Datacap Fastdoc Capture Cross-Site Scripting Vulnerability

IBM Datacap Fastdoc Capture is a client-only capture software solution from IBM USA that automatically indexes scanned documents for accurate storage and retrieval. A cross-site scripting vulnerability exists in IBM Datacap Fastdoc Capture that stems from a lack of proper validation of client-sid...

CVSS 5.4, AI score 5.4, EPSS 0.00495
Exploits 0, References 3
Tenable Nessus
added 2021/06/28 12:0 a.m., 36 views

SUSE SLED15: libQt5Multimedia5 / libqt5-qtmultimedia-devel / etc (SUSE-SU-2021:2125-1)

The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2125-1 advisory. Update wireshark to version 3.4.5 - New and updated support and bug fixes for multiple protocols - Asynchronous DNS...

CVSS 8.8, AI score 7, EPSS 0.04668
Exploits 7, References 30
Tenable Nessus
added 2021/06/28 12:0 a.m., 31 views

openSUSE 15 Security Update : wireshark, libvirt, sbc, libqt5-qtmultimedia (openSUSE-SU-2021:0909-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0909-1 advisory. - Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted...

CVSS 8.8, AI score 7.2, EPSS 0.04668
Exploits 7, References 30
Prion
added 2021/06/24 4:15 p.m., 19 views

SQL injection

DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the /api/trackedEntityInstances API endpoint in DHIS2 versions 2.34.4, 2.35.2,...

CVSS 6.5, AI score 8.9, EPSS 0.00769
Exploits 0, References 1, Affected Software 1