CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1885 matches found

Cvelist•added 2024/09/23 12:0 a.m.•14 views

CVE-2024-39342

Entrust Instant Financial Issuance formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library i.e. DCG.Security.dll with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated per installation of t...

0.00109EPSS

Exploits0References3

Cvelist•added 2024/09/23 12:0 a.m.•8 views

CVE-2024-39341

Entrust Instant Financial Issuance On Premise Software formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file i.e. WebAPI.cfg.xml after the installation process. This file can be accessed without authentication on HTTP port 80 by guessin...

0.00197EPSS

Exploits0References3

Vulnrichment•added 2024/09/23 12:0 a.m.•6 views

CVE-2024-39341

6.5AI score0.00197EPSS

Exploits0References3

CVE•added 2024/09/23 12:0 a.m.•44 views

CVE-2024-39341

CVE-2024-39341 affects Entrust Instant Financial Issuance (On Premise) software (6.10.0, 6.9.x, 6.8.x and earlier). A configuration file WebAPI.cfg.xml is left behind after installation and can be accessed without authentication via HTTP port 80, exposing system configuration parameter names and ...

5.9CVSS7AI score0.00197EPSS

Exploits0References3

vulnersOsv•added 2024/09/01 12:0 p.m.•4 views

AitSar (=0.1.1), Boa (>=0.11.0 <=0.13.1) +9727 more potentially affected by unknown CVE via instant (>=0.1.13 <=0.1.9)

instant CARGO version =0.1.13, =0.11.0, =0.1.0-beta.1, =0.1.1, =0.1.0, =0.1.0, =0.1.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0384...

5.5AI score

Exploits0

RustSec•added 2024/09/01 12:0 p.m.•5 views

`instant` is unmaintained

This crate is no longer maintained, and the author recommends using the maintained web-time crate instead. web-time: https://crates.io/crates/web-time...

7.2AI score

Exploits0

BDU FSTEC•added 2024/08/23 12:0 a.m.•2 views

The vulnerability of the SIP call processing function of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) allows a perpetrator to trigger a service failure.

The vulnerability of the SIP call processing function of the Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures by...

8.6CVSS5.8AI score0.00745EPSS

Exploits0References2Affected Software2

CNNVD•added 2024/08/20 12:0 a.m.•4 views

Friendica 安全漏洞

Friendica is an application of the German Friendica community. It provides decentralized social networking. A security vulnerability exists in Friendica version 2024.03, which stems from susceptibility to cross-site scripting attacks in settings/configuration files via homepage, xmpp and matrix...

5.4CVSS6.1AI score0.00323EPSS

Exploits1References4

The Hacker News•added 2024/08/06 9:36 a.m.•21 views

New Android Spyware LianSpy Evades Detection Using Yandex Cloud

Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021. Cybersecurity vendor Kaspersky, which discovered the malware in March 2024, noted its use of Yandex Cloud, a Russian cloud service, for command-and-control C2...

7.3AI score

Exploits0