
6680 matches found

OSV
added 2022/04/01 11:15 p.m. | 1 views

CVE-2022-0922

The software does not perform any authentication for critical system functionality...

CVSS 6.5 | AI score 5.8 | EPSS 0.00381
Exploits: 0 | References: 1

Prion
added 2022/04/01 11:15 p.m. | 39 views

Remote code execution

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

CVSS 7.5 | AI score 9.4 | EPSS 0.99939
Exploits: 36 | References: 6 | Affected Software: 28

CVE
added 2022/04/01 10:17 p.m. | 83 views

CVE-2022-0922

CVE-2022-0922 affects Philips e-Alert hardware (affected: e-Alert versions 2.7 and prior). The vulnerability is missing authentication for critical functions (CWE-306), with CVSSv3 base score 6.5 (AV:A, AC:L, PR:N, UI:N, S:U, C:N, I:N, A:H). Exploitation is adjacent-network, low complexity; impac...

CVSS 6.5 | AI score 6.7 | EPSS 0.00381
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2022/04/01 12:0 a.m. | 8 views

CVE-2022-22963

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

AI score 9.6 | EPSS 0.99939
Exploits: 36 | References: 6

Veracode
added 2022/03/31 1:51 a.m. | 133 views

Remote Code Execution

spring-cloud-function-context is vulnerable to remote code execution. The routing functionality allows a user to provide a malicious SpEL as a routing-expression which would allow arbitrary OS commands to be executed remotely...

CVSS 9.8 | AI score 4.7 | EPSS 0.99939
Exploits: 36 | References: 7 | Affected Software: 2

ICS
added 2022/03/31 12:0 a.m. | 99 views

Rockwell Automation Logix Controllers

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Logix Controllers Vulnerability: Inclusion of Functionality from Untrusted Control Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an...

CVSS 10 | AI score 8.7 | EPSS 0.04871
Exploits: 0 | References: 5

OSV
added 2022/03/30 3:15 p.m. | 4 views

CVE-2022-25620

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute arbitrary codes on the vulnerable server. This issue affects: Profelis IT Consultancy SambaBox 4.0 versio...

CVSS 9 | AI score 6 | EPSS 0.00417
Exploits: 0 | References: 1

ATTACKERKB
added 2022/03/30 3:15 p.m. | 1 views

CVE-2022-25620

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute arbitrary codes on the vulnerable server. This issue affects: Profelis IT Consultancy SambaBox 4.0 versio...

CVSS 9 | AI score 5.8 | EPSS 0.00417
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2022/03/30 3:15 p.m. | 17 views

Design/Logic Flaw

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute arbitrary codes on the vulnerable server. This issue affects: Profelis IT Consultancy SambaBox 4.0 versio...

CVSS 3.5 | AI score 9 | EPSS 0.00417
Exploits: 0 | References: 1 | Affected Software: 1

Akamai Blog
added 2022/03/30 1:0 p.m. | 46 views

Welcome to Edge Diagnostics

After more than a year of dedication and hard work, we are delighted to officially announce the launch of our new Edge Diagnostics application on March 30, 2022. Diagnosing network and content issues quickly and effectively is critical to your success! Therefore the aim is to make the existing...

AI score 0.9
Exploits: 0

Code423n4
added 2022/03/30 12:0 a.m. | 8 views

Owner Can Stop Bridge All Functionality Only With One Change

Lines of code Vulnerability details Impact Owner can stop all bridge functionality with the changing cBridge contract address with the zero. The centralized structure can cause to pause all operations. Proof of Concept Tools Used Code Review Recommended Mitigation Steps It is recommended to place...

AI score 7
Exploits: 0

Exploit DB
added 2022/03/30 12:0 a.m. | 354 views

Atom CMS 2.0 - Remote Code Execution (RCE)

Exploit Title: Atom CMS 2.0 - Remote Code Execution RCE Date: 22.03.2022 Exploit Author: Ashish Koli Shikari Vendor Homepage: https://thedigitalcraft.com/ Software Link: https://github.com/thedigicraft/Atom.CMS Version: 2.0 Tested on: Ubuntu 20.04.3 LTS CVE: CVE-2022-25487 Description This script...

CVSS 9.8 | AI score 9.6 | EPSS 0.54766
Exploits: 4

OSV
added 2022/03/29 2:15 a.m. | 1 views

CVE-2022-24956

An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote...

CVSS 6.5 | AI score 6.7 | EPSS 0.01345
Exploits: 1 | References: 2

Code423n4
added 2022/03/29 12:0 a.m. | 14 views

All swapping functions lack checks for returned tokens

Lines of code Vulnerability details Impact Every function that stems from the GenericSwapFacet lacks checks to ensure that some tokens have been returned via the swaps. In LibSwap.sol in the swap function, the swap call is sent to the target DEX. A return of success is required, otherwise the...

AI score 6.9
Exploits: 0

NVD
added 2022/03/25 8:15 p.m. | 23 views

CVE-2022-27920

libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0...

CVSS 6.1 | EPSS 0.00855
Exploits: 0 | References: 3

Prion
added 2022/03/25 8:15 p.m. | 17 views

Cross site scripting

libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0...

CVSS 4.3 | AI score 5.9 | EPSS 0.00855
Exploits: 0 | References: 3 | Affected Software: 2

ATTACKERKB
added 2022/03/25 4:15 p.m. | 2 views

CVE-2021-46426

phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/findfreesectionsubnets.php of the subnets functionality...

CVSS 6.1 | AI score 6.3 | EPSS 0.00909
Exploits: 3 | References: 6

NVD
added 2022/03/25 4:15 p.m. | 11 views

CVE-2021-46426

phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/findfreesectionsubnets.php of the subnets functionality...

CVSS 6.1 | EPSS 0.00909
Exploits: 3 | References: 5

OSV
added 2022/03/25 4:15 p.m. | 17 views

CVE-2021-46426

phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/findfreesectionsubnets.php of the subnets functionality...

CVSS 6.1 | AI score 6.1
Exploits: 0 | References: 5

Prion
added 2022/03/25 4:15 p.m. | 13 views

Cross site scripting

phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/findfreesectionsubnets.php of the subnets functionality...

CVSS 4.3 | AI score 6.1 | EPSS 0.00909
Exploits: 3 | References: 5 | Affected Software: 1