OpenC3 stores passwords in clear text (`GHSL-2024-129`)
Summary: OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via cross-site scripting (see GHSL-2024-128). Note: This CVE only affects the Open Source edition, not OpenC3 COSMOS Enterprise Edition. Impa...
CVE-2024-43801 Privilege escalation to admin from a low-privileged user via SVG upload in Jellyfin
Jellyfin is an open-source, self-hosted media server. The Jellyfin user profile image upload accepts SVG files, allowing for a stored XSS attack against an admin user via a specially crafted malicious SVG file. When viewed by an admin outside of the Jellyfin Web UI, e.g. via "view image" in a...
CVE-2024-43801
CVE-2024-43801 affects Jellyfin (self-hosted media server). The vulnerability arises from accepting SVG uploads for user profiles, enabling a stored XSS that could let an admin load a crafted SVG outside Jellyfin’s Web UI, interact with the browser LocalStorage, and exfiltrate an AccessToken to e...
sidekiq: DoS in dashboard-charts
A denial of service vulnerability was found in Sidekiq. This flaw allows an attacker to manipulate the localStorage value in the dashboard-charts.js file and cause excessive polling requests...
Important: firefox
Issue Overview: A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have led to memory corruption or a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after discovering it was...
Denial Of Service
sidekiq is vulnerable to Denial of Service. The vulnerability is due to insufficient localStorage checks in the dashboard-charts.js file. An attacker can exploit this issue by manipulating `localStorage.sidekiqTimeInterval`, which leads to Denial of Service...
CVE-2023-26141
A denial of service vulnerability was found in Sidekiq. This flaw allows an attacker to manipulate the localStorage value in the dashboard-charts.js file and cause excessive polling requests...
GHSA-3QC2-V3HP-6CV8 sidekiq Denial of Service vulnerability
Versions of the package sidekiq before 7.1.3 and 6.5.10 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value, which will cause excessive polling requests...
sidekiq Denial of Service vulnerability
Versions of the package sidekiq before 7.1.3 and 6.5.10 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value, which will cause excessive polling requests...
CVE-2023-26141
Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value, which will cause excessive polling requests...
Input validation
Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value, which will cause excessive polling requests...
UBUNTU-CVE-2023-26141
Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value, which will cause excessive polling requests...
CVE-2023-26141
CVE-2023-26141 affects sidekiq prior to 7.1.3. The vulnerability arises from insufficient checks in the dashboard-charts.js file, allowing an attacker to manipulate localStorage and trigger excessive polling, leading to Denial of Service. The DoS impact is documented across multiple feeds, with t...
Mike Perham sidekiq data forgery issue vulnerability
Sidekiq, by Mike Perham, is an open source application that uses threads to process many jobs simultaneously in the same process. A security vulnerability in sidekiq prior to version 7.1.3, which stems from insufficient checking of the file dashboard-charts.js, allows an attacker to...