CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11633 matches found

Cvelist•added 2022/09/21 3:46 p.m.•47 views

CVE-2022-41250

A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.8AI score0.00536EPSS

Exploits0References2

Vulnrichment•added 2022/09/21 3:46 p.m.•2 views

CVE-2022-41250

6.4AI score0.00536EPSS

Exploits0References2

Cvelist•added 2022/09/21 3:46 p.m.•54 views

CVE-2022-41249

A cross-site request forgery CSRF vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.9AI score0.0038EPSS

Exploits0References2

Prion•added 2022/09/21 12:15 a.m.•18 views

Path traversal

McWebserver mod runs a simple HTTP server alongside the Minecraft server in seperate threads. Path traversal in McWebserver Minecraft Mod for Fabric and Quilt up to and including 0.1.2.1 and McWebserver Minecraft Mod for Forge up to and including 0.1.1 allows all files, accessible by the program,...

5CVSS7.4AI score0.00785EPSS

Exploits0References2Affected Software2

CVE•added 2022/09/20 11:25 p.m.•58 views

CVE-2022-39221

CVE-2022-39221 concerns the McWebserver Minecraft Mod. A path-traversal flaw exists in the McWebserver mod for Fabric and Quilt up to and including 0.1.2.1 and for Forge up to 0.1.1, allowing an attacker to read any files accessible to the mod via HTTP requests. A patch was released in version 0....

7.5CVSS7.5AI score0.00785EPSS

Exploits0References2Affected Software2

OSV•added 2022/09/20 11:25 p.m.•3 views

CVE-2022-39221 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') McWebserver Minecraft Mod

7.5CVSS6.8AI score0.00785EPSS

Exploits0References4

OSV•added 2022/09/16 6:48 p.m.•53 views

GHSA-W3W9-VRF5-8MX8 ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent

Impact In ReactPHP's HTTP server component versions below v1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host- and Secure- confused with cookies that decode to such prefix, thus leading to an attacker...

5.3CVSS6.6AI score0.00775EPSS

Exploits0References7

Github Security Blog•added 2022/09/16 6:48 p.m.•88 views

ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent

5.3CVSS6.6AI score0.00775EPSS

Exploits0References7Affected Software1

IBM Security Bulletins•added 2022/09/15 6:50 p.m.•30 views

Security Bulletin: Multiple vulnerabilities that have been identified in IBM HTTP Server shipped with WebSphere Application Server may affect WebSphere Process Server

Summary WebSphere Application Server is shipped as a component of WebSphere Process Server. Information about security vulnerabilities affecting IBM HTTP server shipped with WebSphere Application Server have been published in security bulletins. Vulnerability Details Please consult the security...

6.8CVSS8AI score0.73327EPSS

Exploits0Affected Software2