1769 matches found

SUSE CVE
added 2023/02/15 3:40 a.m. · 1 view

SUSE CVE-2021-34337

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attacke...

CVSS 7.4 · AI score 7.1 · EPSS 0.00299
Exploits 0 · References 3
OSV
added 2023/02/01 4:15 a.m. · 4 views

CVE-2022-4062

A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to the localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission Versions prior to V2.25...

CVSS 7.8 · AI score 5.8 · EPSS 0.00165
Exploits 0 · References 1
Prion
added 2023/02/01 4:15 a.m. · 17 views

Authorization

A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to the localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission Versions prior to V2.25...

CVSS 4.3 · AI score 7.5 · EPSS 0.00165
Exploits 0 · References 1 · Affected Software 1
Kitploit
added 2023/01/30 11:30 a.m. · 43 views

DFShell - The Best Forwarded Shell

[ASCII-art "DFShell" banner] D3Ext's...

AI score 7.5
Exploits 0 · References 4
UbuntuCve
added 2023/01/27 6:15 p.m. · 36 views

CVE-2022-4335

A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host...

CVSS 4.3 · AI score 5.9 · EPSS 0.0075
Exploits 1 · References 4
OSV
added 2023/01/27 12:00 a.m. · 23 views

CVE-2022-4335

A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host...

CVSS 4.3 · AI score 4.2 · EPSS 0.0075
Exploits 1 · References 5
Tenable Nessus
added 2023/01/23 12:00 a.m. · 25 views

RHEL 7 / 8 : OpenShift Container Platform 4.3.31 openshift (RHSA-2020:3183)

The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:3183 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clo...

CVSS 8.8 · AI score 6.8 · EPSS 0.03597
Exploits 5 · References 5
Prion
added 2023/01/02 8:15 p.m. · 10 views

Input validation

kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured...

CVSS 4 · AI score 6.5 · EPSS 0.00548
Exploits 0 · References 2 · Affected Software 1
wpexploit
added 2022/12/23 12:00 a.m. · 109 views

MashShare < 3.8.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit:...

CVSS 5.4 · AI score 1 · EPSS 0.00534
Exploits 2
RedHat Linux
added 2022/12/14 1:15 p.m. · 3 views

quarkus_dev_ui: Dev UI Config Editor is vulnerable to drive-by localhost attacks leading to RCE

A vulnerability was found in quarkus. This issue occurs in Dev UI Config Editor, which is vulnerable to drive-by localhost attacks leading to remote code execution...

CVSS 9.8 · AI score 6.1 · EPSS 0.32516
Exploits 0 · References 4
RedHat Linux
added 2022/12/13 1:20 p.m. · 4 views

quarkus_dev_ui: Dev UI Config Editor is vulnerable to drive-by localhost attacks leading to RCE

A vulnerability was found in quarkus. This issue occurs in Dev UI Config Editor, which is vulnerable to drive-by localhost attacks leading to remote code execution...

CVSS 9.8 · AI score 6.1 · EPSS 0.32516
Exploits 0 · References 4
Positive Technologies
added 2022/12/13 12:00 a.m. · 3 views

PT-2022-6395 · Schneider Electric · Ecostruxure Power Commission

Name of the Vulnerable Software and Affected Versions: EcoStruxure Power Commission versions prior to V2.25 Description: A vulnerability exists that could cause unauthorized access to certain software functions when an attacker gains access to the localhost interface of the EcoStruxure Power...

CVSS 7.8 · AI score 7.4 · EPSS 0.00165
Exploits 0 · References 7
0day.today
added 2022/12/13 12:00 a.m. · 256 views

Judging Management System 1.0 SQL Injection Vulnerability

Judging Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Exploit Title: Judging Management System v1.0 - Authentication Bypass Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

AI score 0.2
Exploits 0
wpexploit
added 2022/12/05 12:00 a.m. · 102 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgorder POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php...

CVSS 6.5 · AI score 0.2 · EPSS 0.00854
Exploits 2 · References 1
wpexploit
added 2022/12/05 12:00 a.m. · 126 views

Contest Gallery < 19.1.5.1 - Author+ SQL Injection

The plugins do not escape the upload POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST...

CVSS 6.5 · AI score 0.5 · EPSS 0.00854
Exploits 2 · References 1
wpexploit
added 2022/12/05 12:00 a.m. · 105 views

Contest Gallery Pro < 19.1.5 - Admin+ SQL Injection

The plugin does not escape the wpuserid GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive information from the site's database. POST...

CVSS 4.9 · AI score 0.8 · EPSS 0.00852
Exploits 2 · References 1
wpexploit
added 2022/12/05 12:00 a.m. · 81 views

Contest Gallery < 19.1.5.1 - Author+ SQL Injection

The plugins do not escape the cgid POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php?page=/index.php&editgallery=1&wpmad...

CVSS 6.5 · AI score 0.2 · EPSS 0.00854
Exploits 2 · References 1
wpexploit
added 2022/12/05 12:00 a.m. · 115 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgcopystart POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST...

CVSS 6.5 · AI score 0.7 · EPSS 0.00854
Exploits 2 · References 1
The Hacker News
added 2022/12/01 11:44 a.m. · 59 views

Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework

A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 (CVSS score: 9.8), the shortcoming could be trivially abused by a malicious actor without any...

CVSS 9.8 · AI score 1.3 · EPSS 0.32516
Exploits 0
Veracode
added 2022/11/30 4:15 a.m. · 36 views

Remote Code Execution (RCE)

quarkus-vertx-http is vulnerable to remote code execution. The vulnerability exists in multiple functions due to drive-by localhost attacks which allows an attacker to inject and execute malicious query parameters via the Dev UI Config Editor...

CVSS 9.8 · AI score 9.5 · EPSS 0.32516
Exploits 0 · References 7 · Affected Software 2