
6334 matches found

CNNVD
added 2022/06/17 12:0 a.m. | 5 views

AutomationDirect DirectLOGIC security vulnerability

AutomationDirect DirectLOGIC is a programmable logic controller from AutomationDirect, Inc. A security vulnerability in AutomationDirect DirectLOGIC, which can be exploited by an attacker to cause loss of sensitive device information, unauthorized changes, and denial of service conditions, affect...

7.8 CVSS | 7.3 AI score | 0.00296 EPSS
Exploits 0 | References 5
RedHat Linux
added 2022/06/16 2:57 p.m. | 5 views

grub2: shim_lock verifier allows non-kernel files to be loaded

A flaw was found in grub2. The shim_lock verifier from grub2 allows non-kernel files to be loaded when secure boot is enabled, giving the possibility of unverified code or modules to be loaded when it should not be allowed...

7.8 CVSS | 7.3 AI score | 0.00316 EPSS
Exploits 0 | References 4
Veracode
added 2022/06/16 4:50 a.m. | 5 views

Authentication Bypass

grub2 is vulnerable to authentication bypass. The vulnerability exists because the shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems, allowing an attacker to load unverified modules into GRUB and bypass secure boot protection mechanism...

7.8 CVSS | 6.8 AI score | 0.00316 EPSS
Exploits 0 | References 4 | Affected Software 2
ICS
added 2022/06/16 12:0 a.m. | 56 views

AutomationDirect DirectLOGIC with Ethernet

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: DirectLOGIC with Ethernet Communication Modules Vulnerabilities: Uncontrolled Resource Consumption, Cleartext Transmission of Sensitive Information 2. UPDATE OR REPOSTED...

9.1 CVSS | 9 AI score | 0.00827 EPSS
Exploits 0 | References 4
Code423n4
added 2022/06/14 12:0 a.m. | 9 views

Too many setToken modules may cause gas limit error

Lines of code Vulnerability details Impact Too many setToken modules may cause gas limit error. Has these impacts: 1. These setToken can't be initialized in NotionalTradeModule 2. Cannot remove any module from that setToken Proof of Concept / @dev MANGER ONLY: Initialize given SetToken with initi...

6.7 AI score
Exploits 0
OSSF Malicious Packages
added 2022/06/13 5:48 a.m. | 3 views

Malicious code in dashboard-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2616bed5786e244ce809de0caa8e23eb8d4725566cdad7f1d4d8f5f85a5f9286 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 1
OSV
added 2022/06/13 5:48 a.m. | 10 views

MAL-2022-2334 Malicious code in dashboard-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2616bed5786e244ce809de0caa8e23eb8d4725566cdad7f1d4d8f5f85a5f9286 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 | References 1
CNNVD
added 2022/06/11 12:0 a.m. | 4 views

GUnet Open eClass Platform cross-site scripting vulnerability

GUnet Open eClass Platform is an integrated course management system for GUnet eClass. A security vulnerability exists in GUnet Open eClass Platform openeclass versions prior to 3.12.2, which can be exploited by attackers to conduct XSS attacks via the modules/auth/formuser.php auth parameter...

6.1 CVSS | 6.2 AI score | 0.00955 EPSS
Exploits 1 | References 4
OSV
added 2022/06/10 7:39 p.m. | 1 views

DRUPAL-CORE-2022-011

Updated 22:00 UTC 2022-06-10: Added steps to update without drupal/core-recommended. Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released two security advisories: Failure to strip the Cookie header on change in host or HTTP...

7.5 CVSS | 7.2 AI score | 0.01808 EPSS
Exploits 0 | References 1
NVD
added 2022/06/09 5:15 p.m. | 25 views

CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

9.1 CVSS | 0.0569 EPSS
Exploits 0 | References 6
OSV
added 2022/06/09 5:15 p.m. | 2 views

ALPINE-CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

9.1 CVSS | 6.8 AI score | 0.0569 EPSS
Exploits 0 | References 1
OSV
added 2022/06/09 5:15 p.m. | 39 views

CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

9.1 CVSS | 9.3 AI score
Exploits 0 | References 6
Prion
added 2022/06/09 5:15 p.m. | 33 views

Out-of-bounds

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

6.4 CVSS | 9.1 AI score | 0.0569 EPSS
Exploits 0 | References 6 | Affected Software 2
OSV
added 2022/06/09 5:15 p.m. | 3 views

UBUNTU-CVE-2022-28614

The ap_rwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite or ap_rputs, such as with mod_lua's r:puts function. Modules compiled and distributed separately from Apache HTTP Server that use t...

5.3 CVSS | 6.8 AI score | 0.04398 EPSS
Exploits 0 | References 7
OSV
added 2022/06/09 5:15 p.m. | 1 views

UBUNTU-CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

9.1 CVSS | 7.2 AI score | 0.0569 EPSS
Exploits 0 | References 7
Prion
added 2022/06/09 3:15 p.m. | 25 views

SQL injection

CMS Made Simple =2.2.15 is affected by SQL injection in modules/News/function.adminarticlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '...

6.5 CVSS | 9 AI score | 0.01635 EPSS
Exploits 1 | References 4 | Affected Software 1
UbuntuCve
added 2022/06/09 12:0 a.m. | 58 views

CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

9.1 CVSS | 7.2 AI score | 0.0569 EPSS
Exploits 0 | References 6
Vulnrichment
added 2022/06/08 10:0 a.m. | 4 views

CVE-2022-28615 Read beyond bounds in ap_strcmp_match()

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

6.4 AI score | 0.0569 EPSS
Exploits 0 | References 6
Cvelist
added 2022/06/08 10:0 a.m. | 58 views

CVE-2022-28615 Read beyond bounds in ap_strcmp_match()

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

9.6 AI score | 0.0569 EPSS
Exploits 0 | References 6
Debian CVE
added 2022/06/08 10:0 a.m. | 56 views

CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

9.1 CVSS | 8.2 AI score | 0.0569 EPSS
Exploits 0