682 matches found
Remote Code Execution (RCE)
spip is vulnerable to remote code execution. The vulnerability exists due to a lack of validation allowing an attacker to execute maliciously crafted script in the system...
WBCE CMS Security Vulnerability
WBCE CMS is an open source content management system (CMS) based on PHP and MySQL. WBCE CMS suffers from a security vulnerability that originates in /templates/install.php and allows attackers to execute arbitrary code via a crafted PHP file...
The vulnerability of Juniper Networks’ Junos OS, related to errors in the certificate validation process, allows attackers to execute a type of “man-in-the-middle” attack.
The vulnerability of Juniper Networks’ Junos OS is related to errors in the certificate validation process. Exploiting this vulnerability allows a malicious actor to execute a “man-in-the-middle” attack by loading a specially created script...
Backdrop CMS Cross-Site Request Forgery Vulnerability
Backdrop CMS is an open source content management system (CMS). A cross-site request forgery vulnerability exists in Backdrop CMS, which stems from obtaining remote code execution (RCE) on a hosted web server by uploading a malicious add-on with a crafted PHP file. No details of the vulnerability are...
Emerson Electric Emerson DeltaV Distributed Control System Access Control Error Vulnerability
Emerson Electric Emerson DeltaV Distributed Control System is an automated distributed control system from Emerson Electric. The system includes features such as network security management, alarm management, batch control, and change management. An access control error vulnerability exists in...
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
...
Hardcoded credentials
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
GHSA-55X5-FJ6C-H6M8 lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through
Impact The HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5. Patches The issue has been resolved in lxml 4.6.5...
CVE-2021-43818
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
lxml Injection Vulnerability
lxml is a library from an individual developer that can be used with Python to locate elements in HTML. An injection vulnerability exists in versions of lxml prior to 4.6.5, which stems from the fact that HTML Cleaner allows the passage of certain carefully crafted scripted content, as well as scripted...
AZL-41445 CVE-2021-43519 affecting package ntopng for versions less than 5.2.1-5
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file...
AZL-6672 CVE-2021-43519 affecting package lua for versions less than 5.4.3-1
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file...
AZL-41866 CVE-2021-43519 affecting package memcached for versions less than 1.6.27-2
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file...
CVE-2021-43519
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file...
Stack overflow
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file...
UBUNTU-CVE-2021-43519
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file...
CVE-2021-43519
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file...
CVE-2021-43519
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file...
CVE-2021-27665
An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause a denial-of-service condition...
FeehiCMS Code Issue Vulnerability
FeehiCMS is a PHP-based CMS builder. FeehiCMS v2.0.8 and previous versions have a security vulnerability that can be exploited by attackers to execute arbitrary code via a crafted PHP file...