CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3793 matches found

BDU FSTEC•added 2022/02/07 12:0 a.m.•3 views

The vulnerability of Adobe InDesign’s computer layout automation tool, related to writing beyond the buffer in memory, allows a hacker to execute arbitrary code.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malicious file...

7.8CVSS7.8AI score0.02192EPSS

Exploits0References5Affected Software1

wpexploit•added 2022/02/01 12:0 a.m.•108 views

Cost Calculator <= 1.8 - Authenticated Local File Inclusion

The plugin allows authenticated users Contributor+ in versions 1.5, and Admin+ in versions = 1.8 to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout As a contributor, create a Cost Calculator post, set the Layout to...

6.5CVSS0.2AI score0.02929EPSS

Exploits2

OpenVAS•added 2022/01/28 12:0 a.m.•23 views

Mageia: Security Advisory (MGASA-2019-0155)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.5AI score0.37618EPSS

Exploits1References5

Github Security Blog•added 2022/01/27 6:32 p.m.•43 views

Server Side Twig Template Injection

PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds...

9.8CVSS5.2AI score0.01786EPSS

Exploits0References5Affected Software1

OSV•added 2022/01/27 6:32 p.m.•85 views

GHSA-MRQ4-7CH7-2465 Server Side Twig Template Injection

9CVSS9.2AI score0.01786EPSS

Exploits0References5

IBM Security Bulletins•added 2022/01/27 6:10 p.m.•54 views

Security Bulletin: Vulnerability inApache Log4j - CVE-2021-45046 may affect IBM Watson Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability inApache Log4j - CVE-2021-45046 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Several components of IBM Watson Assistant for IBM Cloud Pak for Data use Log4j to log diagnostic data unrelated to customer input. Refer to detai...

10CVSS0.8AI score0.99999EPSS

Exploits347Affected Software1

Cvelist•added 2022/01/26 8:10 p.m.•50 views

CVE-2022-21686 Server Side Twig Template Injection in PrestaShop

9CVSS9.6AI score0.01786EPSS

Exploits0References3

OSV•added 2022/01/26 8:10 p.m.•32 views

CVE-2022-21686 Server Side Twig Template Injection in PrestaShop

9CVSS9.2AI score0.01786EPSS

Exploits0References5

Fedora•added 2022/01/22 1:32 a.m.•29 views

[SECURITY] Fedora 35 Update: harfbuzz-2.9.1-1.fc35

HarfBuzz is an implementation of the OpenType Layout engine...

6.5CVSS1.8AI score0.0178EPSS

Exploits1

OpenVAS•added 2022/01/22 12:0 a.m.•20 views

Fedora: Security Advisory for harfbuzz (FEDORA-2022-b3b5ac4053)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5CVSS6.5AI score0.0178EPSS

Exploits1References2

OSV•added 2022/01/21 11:26 p.m.•7 views

GHSA-65FG-84F6-3JQ3 SQL Injection in Log4j 1.2.x

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...

9.8CVSS6.9AI score0.67466EPSS

Exploits1References8