Input validation
HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request...
HCL Compass Cross-Site Request Forgery Vulnerability
HCL Technologies Compass is a low-code change management software from HCL Technologies, USA. It manages the full range of testing activities and integration with developer tools. A security vulnerability exists in HCL Compass that stems from the presence of a Cross Resource Sharing CORS...
CVE-2022-42447 Cross-origin resource sharing vulnerability affects HCL Compass
HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request...
CVE-2022-42447
HCL Compass is affected by a Cross-Origin Resource Sharing (CORS) vulnerability (CVE-2022-42447). The issue could allow an unprivileged remote attacker to trick a legitimate user into accessing a resource and issuing a malicious request. Documented CVSS metrics indicate a HIGH/CRITICAL impact wit...
PT-2023-14115 · Hcl · Hcl Compass
Name of the Vulnerable Software and Affected Versions: HCL Compass (affected versions not specified). Description: The issue allows an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request due to a Cross-Origin Resource Sharing CO...
CVE-2022-30245
Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the...
Design/Logic Flaw
Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the...
CVE-2022-30245
CVE-2022-30245 affects Honeywell Alerton Compass Software 1.6.5. The flaw allows unauthenticated configuration changes from remote users, enabling a crafted packet to alter the controller’s configuration. The changed configuration may not be reflected in the User Interface, creating an inconsiste...
Honeywell Alerton Compass Security Vulnerability
Honeywell Alerton Compass is a building automation system from Honeywell, USA. From customizable navigation to quick access to building data. A security vulnerability exists in Honeywell Alerton Compass version 1.6.5, which can be exploited by an attacker to send a crafted packet to change the...
CVE-2021-43106
A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online TWO 5.3.33.3 F38 and FIMI 4.2.19.4 25. The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the...
Design/Logic Flaw
A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online TWO 5.3.33.3 F38 and FIMI 4.2.19.4 25. The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the...
CVE-2021-43106
CVE-2021-43106 affects Compass Plus TranzWare Online FIMI Web Interface (TWO) version 5.3.33.3 F38 and FIMI 4.2.19.4. The root cause is improper validation/escaping of the HTTP Host header, leading the server to trust the Host header and redirect requests to a different Domain/IP. Documented impa...
Compass Plus e-Commerce Payment Gateway Security Vulnerability
Compass Plus e-Commerce Payment Gateway is an application interface of the Russian company Compass Plus. It provides an API interface for payment functions. A security vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online TWO 5.3.33.3 F38 and FIMI 4.2.19.4 25,...
@love-open-source/ember-slider (>=0.0.2 <=1.1.10), broccoli-compass-compiler (>=0.0.1 <=0.0.6) +1 more potentially affected by CVE-2020-7635 via compass-compile (=0.0.1)
compass-compile NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on compass-compile and may be impacted: - @love-open-source/ember-slider =0.0.2, =0.0.1, =0.1.0, =0.5.0 Source cves: CVE-2020-7635 Source advisory: OSV:GHSA-7Q9F-X6RM-QMXR...
Command Injection in compass-compile
compass-compile through 0.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...