CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Hacker One•added 2018/03/26 2:44 p.m.•105 views

X (Formerly Twitter): [dev.twitter.com] XSS and Open Redirect Protection Bypass

Description: Hi after I finish reading the report https://hackerone.com/reports/260744.i start to test this subdomain.i fount an interesting url https://dev.twitter.com/web/sign-inhttps://dev.twitter.com/basics/adding-international-support-to-your-apps.this url is special,my intuition tells me th...

6.8AI score

Hacker One•added 2018/03/15 11:6 p.m.•127 views

Uber: Reflected XSS on multiple uberinternal.com domains

The base parameter of /oidauth/prompt on multiple uberinternal.com subdomains was not sanitized before being reflected into the page body, making it vulnerable to reflected XSS. Additionally, these pages were affected by a clickjacking vulnerability that made exploitation easier, since a click wa...

1AI score

OSV•added 2018/03/09 7:29 p.m.•2 views

CVE-2016-0274

IBM Financial Transaction Manager FTM for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager FTM for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager FTM for Corporate Payment Services CPS for...

5.4CVSS5.8AI score0.00565EPSS

Prion•added 2018/03/09 7:29 p.m.•13 views

Code injection

3.5CVSS6.6AI score0.00565EPSS

NVD•added 2018/03/09 7:29 p.m.•16 views

CVE-2016-0274

5.4CVSS5.3AI score0.00565EPSS

Cvelist•added 2018/03/09 7:0 p.m.•18 views

CVE-2016-0274

5.3AI score0.00565EPSS

CVE•added 2018/03/09 7:0 p.m.•39 views

CVE-2016-0274

CVE-2016-0274 affects IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services on Multi-Platform 2.1.1.2 and 3.0.x before fp0013. The issue permits remote clickjacking via a crafted site, enabling an attacker to hijack the user’s clicking actions. IB...

5.4CVSS6.1AI score0.00565EPSS

CNVD•added 2018/02/27 12:0 a.m.•5 views

PrestaShop UI-Redressing Clickjacking Vulnerability

PrestaShop is a full-featured, cross-platform, free and open source e-commerce solution designed for web 2.0. A UI-Redressing clickjacking vulnerability exists in PrestaShop version 1.7.2.5 and earlier. The vulnerability occurs because the generateHtaccess function in classes/Tools.php sets neith...

7.5CVSS6.8AI score0.01119EPSS

Exploits0References1

Prion•added 2018/02/26 5:29 p.m.•16 views

Spoofing

In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither X-Frame-Options nor 'Content-Security-Policy "frame-ancestors'...

5CVSS7.5AI score0.01119EPSS

NVD•added 2018/02/26 5:29 p.m.•20 views

CVE-2018-7491

7.5CVSS7.5AI score0.01119EPSS

OSV•added 2018/02/26 5:29 p.m.•18 views

CVE-2018-7491

7.5CVSS7AI score

Cvelist•added 2018/02/26 5:0 p.m.•23 views

CVE-2018-7491

7.5AI score0.01119EPSS

CVE•added 2018/02/26 5:0 p.m.•46 views

CVE-2018-7491

PrestaShop

7.5CVSS7.4AI score0.01119EPSS

CNVD•added 2018/02/26 12:0 a.m.•2 views

HPE Matrix Operating Environment Software and Systems Insight Manager Software Clickjacking Vulnerability (CNVD-2018-05096)

HPE Matrix Operating Environment Software and Systems Insight Manager SIM Software are both products of Hewlett Packard Enterprise HPE, U.S. HPE Matrix Operating Environment Software is a set of cloud management software designed for infrastructure services. HPE Matrix Operating Environment...

5.3CVSS6.8AI score0.01497EPSS

Exploits0References1

CNVD•added 2018/02/26 12:0 a.m.•3 views

HPE Matrix Operating Environment Software and Systems Insight Manager Software Clickjacking Vulnerability

6.5CVSS6.8AI score0.01599EPSS

Exploits0References1

Hacker One•added 2018/02/21 5:57 p.m.•56 views

Semrush: clickjacking to Semrush auth login

Description: Clickjacking User Interface redress attack, UI redress attack, UI redressing is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on. this attack could be perform to semrush auth user because its direct...

6.5AI score

Tenable Nessus•added 2018/02/20 12:0 a.m.•43 views

GLSA-201802-03 : Mozilla Firefox: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201802-03 Mozilla Firefox: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the referenced CVE identifiers for details. Impact : A remote attacker could entice a user to view...

10CVSS7.9AI score0.18902EPSS

Exploits50References83

Gentoo Linux•added 2018/02/20 12:0 a.m.•111 views

Mozilla Firefox: Multiple vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the referenced CVE identifiers for details. Impact A remote attacker could entice a user to view a specially crafte...

10CVSS9.5AI score0.18902EPSS

Exploits50

OSV•added 2018/02/15 10:29 p.m.•3 views

CVE-2017-8971

A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found...

4.3CVSS5.8AI score0.00772EPSS