Lucene search

9 matches found

Cvelist
added 2023/02/01 4:34 a.m. · 12 views

CVE-2022-34458

Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in the download operation component. A local malicious user could potentially exploit this vulnerability leading to the...

6.6 CVSS · 6.5 AI score · 0.00064 EPSS
Exploits 0 · References 1
Positive Technologies
added 2022/11/14 12:0 a.m. · 2 views

PT-2022-6351 · Dell · Alienware Update +2

Name of the Vulnerable Software and Affected Versions: Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7
Description: The issue is related to the exposure of sensitive system information to an unauthorized control sphere. A local malicious user could potentially explo...

6.6 CVSS · 5.2 AI score · 0.00064 EPSS
Exploits 0 · References 5
GitHub Security Blog
added 2022/05/17 5:3 a.m. · 25 views

pyshop vulnerable to man-in-the-middle attacks due to using HTTP to retrieve packages from the PyPI repository

pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a download operation...

6.8 CVSS · 7.6 AI score · 0.00531 EPSS
Exploits 0 · References 6 · Affected Software 1
OSV
added 2021/10/22 8:15 p.m. · 0 views

CVE-2020-36486

Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling...

6.1 CVSS · 6.3 AI score
Exploits 0 · References 1
Prion
added 2019/04/18 6:29 p.m. · 12 views

Design/Logic Flaw

In Kofax Front Office Server Administration Console 4.1.1.11.0.5212, some fields, such as passwords, are obfuscated in the front-end, but the cleartext value can be exfiltrated by using the back-end "download" feature, as demonstrated by an mfp.password downloadsettingvalue operation...

4 CVSS · 5.2 AI score · 0.0007 EPSS
Exploits 1 · References 1 · Affected Software 1
CVE
added 2017/02/17 7:45 a.m. · 90 views

CVE-2017-5020

CVE-2017-5020 concerns Google Chrome prior to 56.0.2924.76 (Linux/Windows/macOS) and 56.0.2924.87 (Android). The issue arises from failing to require a user gesture for powerful download operations, which could let a remote attacker who tricks a user into installing a malicious extension execute ...

6.1 CVSS · 7 AI score · 0.00532 EPSS
Exploits 0 · References 7 · Affected Software 1
Debian CVE
added 2017/02/17 7:45 a.m. · 25 views

CVE-2017-5020

Removed by vendor...

6.1 CVSS · 8 AI score · 0.00532 EPSS
Exploits 0
CNVD
added 2016/02/23 12:0 a.m. · 3 views

Ipswitch MOVEit DMZ MOVEitISAPI Information Disclosure Vulnerability

Ipswitch MOVEit is an automated file transfer system from Ipswitch USA. DMZ and Mobile are among its versions. A security vulnerability exists in the MOVEitISAPI service of Ipswitch MOVEit DMZ because it sends different error messages depending on the presence or absence of a FileID. A remote...

4.3 CVSS · 7 AI score · 0.00021 EPSS
Exploits 2 · References 1
PyPA
added 2013/08/06 2:52 a.m. · 4 views

PYSEC-2013-10

pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a download operation...

6.8 CVSS · 7.8 AI score · 0.00531 EPSS
Exploits 0 · References 3 · Affected Software 1