Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications
A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-47561 (CVSS score: 9.3), impacts all versions of the software prior t...
CVE-2024-5625
Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics Apinizer Management Console allows Data Serialization External Entities Blowup. This issue affects Apinizer Management Console: before 2024.05.1...
CVE-2024-5625 XML External Entity Injection in PruvaSoft Informatics' Apinizer Management Console
Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics Apinizer Management Console allows Data Serialization External Entities Blowup. This issue affects Apinizer Management Console: before 2024.05.1...
PT-2024-36773 · Unknown · Apinizer Management Console
Name of the Vulnerable Software and Affected Versions: Apinizer Management Console versions prior to 2024.05.1 Description: The issue is related to an Improper Restriction of XML External Entity Reference, which allows Data Serialization External Entities Blowup. Recommendations: For versions pri...
CVE-2024-36984
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attacker could use the query to execute arbitrary code...
Important: R
Issue Overview: Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user's system...
SUSE CVE-2024-27322
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user's system when interacted...
AZL-42815 CVE-2024-27322 affecting package R for versions less than 4.1.0-5
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user's system when interacted...
AZL-42792 CVE-2024-27322 affecting package R for versions less than 4.4.1-1
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user's system when interacted...
UBUNTU-CVE-2024-27322
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user's system when interacted...
R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds and .rdx files
Overview: A vulnerability in the R language that allows for arbitrary code to be executed directly after the deserialization of untrusted data has been discovered. This vulnerability can be exploited through RDS (R Data Serialization) format files and .rdx files. An attacker can create malicious RDS...
CVE-2024-32876 NewPipe has potential security vulnerability when importing settings
NewPipe is an Android app for video streaming written in Java. It supports exporting and importing backups, as a way to let users move their data to a new device effortlessly. However, in versions 0.13.4 through 0.26.1, importing a backup file from an untrusted source could have resulted in...
CVE-2024-29452
CVE-2024-29452 relates to ROS2 Humble Hawksbill, with insecure deserialization vulnerabilities in ROS2 Humble Hawksbill versions 2 and 3. The issue enables an attacker to execute arbitrary code and obtain sensitive information via crafted input affecting the Data Serialization and Deserialization...
CVE-2024-30719
CVE-2024-30719 is rejected; this candidate is not used and does not reflect an active vulnerability entry.
CVE-2024-30736
CVE-2024-30736 entry is rejected/not used; withdrawn by CNA with no vulnerability evidence.
CVE-2024-2501
CVE-2024-2501 affects Hubbub Lite (WordPress plugin) up to version 1.33.1 and enables PHP Object Injection via deserialization in the dpsp_maybe_unserialize function. Authenticated attackers with Contributor+ privileges can inject a PHP object; if a POP chain exists via another plugin/theme, this...
CVE-2024-30687
CVE-2024-30687 has been withdrawn; multiple sources (NVD, CNNVD, CVE List) state: “DO NOT USE THIS CANDIDATE NUMBER. This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability.” Consequently, there is ...
CVE-2024-30704
CVE-2024-30704 entry is rejected/not used and does not represent an active vulnerability entry.