5604 matches found

Snyk
added 2022/11/02 2:36 p.m., 2 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in stbijpegload. Remediation There is no fixed version for stb. References - GitHub Issue Credit: bufanremi...

8.1 CVSS, 7 AI score, 0.00785 EPSS
Exploits: 1, References: 2
Veracode
added 2022/10/27 5:34 a.m., 18 views

Prototype Pollution

wintercms/winter is vulnerable to prototype pollution. The vulnerability exists in the main Snowboard class as well as its plugin loader where an attacker can control the default values of an object's properties. This allows the attacker to tamper with the logic of the application...

9.8 CVSS, 8.9 AI score, 0.01027 EPSS
Exploits: 0, References: 6, Affected Software: 1
CNNVD
added 2022/10/26 12:0 a.m., 5 views

Winter Security Vulnerability

Winter is a free, open source, self-hosted CMS platform based on the Laravel PHP framework. A security vulnerability exists in Winter versions 1.1.8, 1.1.9, and 1.2.0, which stems from the Snowboard framework's susceptibility to prototype contamination in Snowboard's main class and its plugin...

9.8 CVSS, 8.3 AI score, 0.01027 EPSS
Exploits: 0, References: 6
Kitploit
added 2022/10/25 11:30 a.m., 30 views

Mangle - Tool That Manipulates Aspects Of Compiled Executables (.Exe Or DLL) To Avoid Detection From EDRs

Authored By Tyl0us Featured at Source Zero Con 2022 Mangle is a tool that manipulates aspects of compiled executables .exe or DLL. Mangle can remove known Indicators of Compromise IoC based strings and replace them with random characters, change the file by inflating the size to avoid EDRs, and c...

7.3 AI score
Exploits: 0, References: 3
Positive Technologies
added 2022/10/25 12:0 a.m., 3 views

PT-2022-36708 · Libraw · Libraw

Name of the Vulnerable Software and Affected Versions: LibRaw affected versions not specified Description: The issue is related to a heap-buffer-overflow error, specifically a WRITE 2 crash type. The crash occurs in the LibRaw::kodak rgb load raw function, which is called by LibRaw::kodak thumb...

6.8 AI score
Exploits: 0, References: 2
hivepro
added 2022/10/20 11:46 a.m., 25 views

The Spyder Loader malware targets organizations in Hong Kong

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Spyder Loader malware was first publicly documented in March 2021. The recent Spyder Loader malware campaign appears to have had the ultimate goal of information theft, and the threat actor behind th...

1.1 AI score
Exploits: 0
Debian
added 2022/10/18 9:6 p.m., 53 views

[SECURITY] [DSA 5257-1] linux security update

Debian Security Advisory DSA-5257-1, https://www.debian.org/security/, Salvatore Bonaccorso, October 18, 2022, https://www.debian.org/security/faq ...

8.8 CVSS, 8.8 AI score, 0.03763 EPSS
Exploits: 10
The Hacker News
added 2022/10/18 10:11 a.m., 38 views

Chinese 'Spyder Loader' Malware Spotted Targeting Organizations in Hong Kong

The China-aligned espionage-focused actor dubbed Winnti has set its sights on government organizations in Hong Kong as part of an ongoing campaign dubbed Operation CuckooBees. Active since at least 2007, Winnti aka APT41, Barium, Bronze Atlas, and Wicked Panda is the name designated to a prolific...

0.1 AI score
Exploits: 0
Veracode
added 2022/10/16 9:39 p.m., 41 views

Regular Expression Denial Of Service (ReDoS)

loader-utils is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to insecure regular expression in the url variable of the interpolateName function in interpolateName.js. A remote attacker can cause denial of service via malicious regex...

7.5 CVSS, 8.2 AI score, 0.02029 EPSS
Exploits: 1, References: 13, Affected Software: 7
vulnersOsv
added 2022/10/14 7:0 p.m., 3 views

0xgank-tea-advice-pull (=1.0.0), 0xgank-tea-balance-pencil (=1.0.0) +8777 more potentially affected by CVE-2022-37603 via loader-utils (>=2.0.0 <=2.0.3)

loader-utils NPM version =2.0.0, =2.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on loader-utils and may be impacted: - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0...

7.5 CVSS, 6.8 AI score, 0.02029 EPSS
Exploits: 1
vulnersOsv
added 2022/10/14 7:0 p.m., 3 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +14916 more potentially affected by CVE-2022-37603 via loader-utils (>=1.0.0 <=1.4.1)

loader-utils NPM version =1.0.0, =1.0.1, =1.0.5, =0.1.0, =0.1.0, =1.0.3, =0.1.0, =0.1.2, =0.0.2, =0.3.0, =0.1.4, =0.1.6 and more Source cves: CVE-2022-37603 Source advisory: OSV:GHSA-3RFM-JHWJ-7488...

7.5 CVSS, 6.8 AI score, 0.02029 EPSS
Exploits: 1
vulnersOsv
added 2022/10/14 7:0 p.m., 3 views

@alfresco/adf-testing (=6.0.0-A.2-8258), @angular-architects/build-angular (=14.2.0-next.0) +54 more potentially affected by CVE-2022-37603 via loader-utils (>=3.0.0 <=3.2.0)

loader-utils NPM version =3.0.0, =0.9.2, =13.0.0, =1.0.0, =1.3.1, =13.0.0-rc.18, =3.9.0, =13.0.0, =0.1.0, =1.7.4, =4.7.1-beta.0, =4.7.1-beta.0, =9.1.3-beta.1 and more Source cves: CVE-2022-37603 Source advisory: OSV:GHSA-3RFM-JHWJ-7488...

7.5 CVSS, 6.8 AI score, 0.02029 EPSS
Exploits: 1
GitHub Security Blog
added 2022/10/14 7:0 p.m., 62 views

loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable

A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take ...

7.5 CVSS, 8.1 AI score, 0.02029 EPSS
Exploits: 1, References: 12, Affected Software: 1
OSV
added 2022/10/14 7:0 p.m., 1 view

GHSA-3RFM-JHWJ-7488 loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable

A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take ...

7.5 CVSS, 6.5 AI score, 0.02029 EPSS
Exploits: 1, References: 12
NVD
added 2022/10/14 4:15 p.m., 17 views

CVE-2022-37603

A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js...

7.5 CVSS, 0.02029 EPSS
Exploits: 1, References: 6
OSV
added 2022/10/14 4:15 p.m., 24 views

CVE-2022-37603

A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js...

7.5 CVSS, 7.3 AI score
Exploits: 0, References: 6
OSV
added 2022/10/14 4:15 p.m., 3 views

DEBIAN-CVE-2022-37603

A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js...

7.5 CVSS, 6.7 AI score, 0.02029 EPSS
Exploits: 1, References: 1
UbuntuCve
added 2022/10/14 4:15 p.m., 50 views

CVE-2022-37603

A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js...

7.5 CVSS, 6.8 AI score, 0.02029 EPSS
Exploits: 1, References: 1
Prion
added 2022/10/14 4:15 p.m., 25 views

Denial of service

A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js...

5 CVSS, 8.1 AI score, 0.02029 EPSS
Exploits: 1, References: 6, Affected Software: 1
OSV
added 2022/10/14 4:15 p.m., 0 views

UBUNTU-CVE-2022-37603

A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js...

7.5 CVSS, 6.8 AI score, 0.02029 EPSS
Exploits: 1, References: 2