CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2671 matches found

WPVulnDB•added 2024/01/17 12:0 a.m.•36 views

popup-builder < 4.2.6 - Admin+ SSRF & File Read

Description The plugin does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations. PoC 1. Create a multi-site wordpress setup, i.e. using docker-containers, and setup a second "site"...

6.5AI score0.00812EPSS

Exploits2Affected Software1

Oracle linux•added 2024/01/11 12:0 a.m.•40 views

container-tools:4.0 security update

buildah 1:1.24.6-7 - rebuild for CVE-2023-29406 - Related: 2176055 cockpit-podman 46-1 - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/46 - Related: 2061390 conmon 2:2.1.4-2 - update to https://github.com/containers/conmon/releases/tag/v2.1.4 - Related: 2176055...

7.5CVSS7.3AI score0.02513EPSS

Exploits1

OSV•added 2024/01/09 10:15 p.m.•43 views

CVE-2023-6476

A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node...

7.5CVSS7.3AI score0.00859EPSS

Exploits0References4

NVD•added 2024/01/09 10:15 p.m.•56 views

CVE-2023-6476

7.5CVSS6.4AI score0.00859EPSS

Exploits0References4

RedhatCVE•added 2024/01/09 9:31 p.m.•32 views

CVE-2023-6476

6.5CVSS6.8AI score0.00859EPSS

Exploits0References3

Prion•added 2023/12/22 3:15 p.m.•11 views

Spoofing

Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This...

5CVSS7.2AI score0.00595EPSS

Exploits1References3Affected Software1

OSV•added 2023/12/22 2:54 p.m.•13 views

CVE-2023-51661 Filesystem sandbox not enforced in wasmer-cli

8.4CVSS8.3AI score0.00595EPSS

Exploits1References5

IBM Security Bulletins•added 2023/12/20 5:31 p.m.•28 views

Security Bulletin: Information leakage vulnerability affect IBM Business Automation Workflow - CVE-2023-40691

Summary IBM Business Automation Workflow is vulnerable to an information leakage attack. Vulnerability Details CVEID:CVE-2023-40691 DESCRIPTION: IBM Business Automation Workflow may reveal sensitive information contained in application configuration to developer and administrator users. CVSS Base...

4.9CVSS5.2AI score0.00739EPSS

Exploits0Affected Software1

Tenable Nessus•added 2023/12/15 12:0 a.m.•15 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cosign (SUSE-SU-2023:4870-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4870-1 advisory. - Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by a...

5.3CVSS5.6AI score0.0064EPSS

Exploits1References4

ATTACKERKB•added 2023/12/13 9:15 p.m.•1 views

CVE-2023-50439

ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 ANSSI qualification submission, ZED! for Windows before Q.2021.2 ANSSI qualification submission, ZONECENTRAL for Windows before Q.2021.2 ANSSI qualification submission, ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows...

5.3CVSS6AI score0.00522EPSS

Exploits0References3

OSV•added 2023/12/13 9:15 p.m.•2 views

CVE-2023-50440

ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 ANSSI qualification submission; ZED! for Windows before Q.2021.2 ANSSI qualification submission; ZONECENTRAL for Windows before Q.2021.2 ANSSI qualification submission; ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows...

5.5CVSS5.8AI score0.00226EPSS

Exploits0References2

NVD•added 2023/12/13 9:15 p.m.•10 views

CVE-2023-50440

5.5CVSS0.00226EPSS

Exploits0References2

NVD•added 2023/12/13 9:15 p.m.•12 views

CVE-2023-50439

5.3CVSS0.00522EPSS

Exploits0References2

Prion•added 2023/12/13 9:15 p.m.•15 views

Design/Logic Flaw

5CVSS6.9AI score0.00522EPSS

Exploits0References2Affected Software3

NVD•added 2023/12/13 8:15 p.m.•12 views

CVE-2023-50444

By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 ANSSI qualification submission; ZED! for Windows before Q.2021.2 ANSSI qualification submission; ZONECENTRAL for Windows before Q.2021.2 ANSSI qualification submission; ZONECENTRAL for Windows before 2023.5; ZEDMAIL fo...

7.5CVSS0.00608EPSS

Exploits0References2

Prion•added 2023/12/13 8:15 p.m.•15 views

Design/Logic Flaw

5CVSS7.1AI score0.00608EPSS

Exploits0References2Affected Software3

CVE•added 2023/12/13 12:0 a.m.•45 views

CVE-2023-50440

The CVE-2023-50440 issue affects multiple PRIMX ZED ecosystem containers. Specifically, ZED! for Windows prior to Q.2020.3, ZED! for Windows prior to Q.2021.2, ZONECENTRAL for Windows prior to Q.2021.2 and prior to Q.2023.5, ZEDMAIL (Windows prior to 2023.5), and ZED! (Windows, Mac, Linux prior t...

5.5CVSS5.5AI score0.00226EPSS

Exploits0References2Affected Software3

CVE•added 2023/12/13 12:0 a.m.•38 views

CVE-2023-50439

The CVE-2023-50439 entry concerns PRIMX ZED! and ZONECENTRAL/ZEDMAIL on Windows. Affected versions disclose the original path in which containers were created, allowing an unauthenticated attacker to obtain contextual information (e.g., project name). Specifically, ZED! for Windows before Q.2020....

5.3CVSS5.2AI score0.00522EPSS

Exploits0References2Affected Software3