1748 matches found

Vulnrichment
added 2023/05/02 12:00 p.m. · 12 views

CVE-2023-2473 Dreamer CMS Password Hash Calculation UserController.java updatePwd algorithmic complexity

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be...

CVSS 4.3 · AI score 4.7 · EPSS 0.00929
Exploits 0 · References 3
CVE
added 2023/05/02 12:00 p.m. · 50 views

CVE-2023-2473

CVE-2023-2473 affects Dreamer CMS versions up to 4.1.3. The vulnerability resides in the Password Hash Calculation component, specifically the updatePwd function in the UserController.java, causing inefficient algorithmic complexity. The issue can be exploited remotely, with upgrade recommended a...

CVSS 7.5 · AI score 5.8 · EPSS 0.00929
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/05/02 10:07 a.m. · 4 views

USN-6053-1 php7.0 vulnerability

It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any password as valid, contrary to expectations...

CVSS 8.1 · AI score 6.7 · EPSS 0.00944
Exploits 1 · References 2
Positive Technologies
added 2023/05/02 12:00 a.m. · 9 views

PT-2023-19753 · Unknown · Dreamer Cms

Name of the Vulnerable Software and Affected Versions: Dreamer CMS versions up to 4.1.3 Description: A vulnerability was found in the Password Hash Calculation component, specifically affecting the updatePwd function of the UserController.java file. This issue leads to inefficient algorithmic...

CVSS 7.5 · AI score 7.1 · EPSS 0.00929
Exploits 0 · References 7
OSV
added 2023/04/19 4:15 p.m. · 28 views

CVE-2023-22894

Strapi through 4.5.5 allows attackers with access to the admin panel to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then th...

CVSS 4.9 · AI score 5.3
Exploits 0 · References 3
NVD
added 2023/04/19 4:15 p.m. · 34 views

CVE-2023-22894

Strapi through 4.5.5 allows attackers with access to the admin panel to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then th...

CVSS 9.8 · AI score 5 · EPSS 0.01658
Exploits 2 · References 3
Prion
added 2023/04/19 4:15 p.m. · 33 views

Default credentials

Strapi through 4.5.5 allows attackers with access to the admin panel to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then th...

CVSS 3.3 · AI score 4.9 · EPSS 0.01658
Exploits 2 · References 3 · Affected Software 1
Vulnrichment
added 2023/04/19 12:00 a.m. · 17 views

CVE-2023-22894

Strapi through 4.5.5 allows attackers with access to the admin panel to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then th...

AI score 5 · EPSS 0.01658
Exploits 2 · References 3
Cvelist
added 2023/04/19 12:00 a.m. · 42 views

CVE-2023-22894

Strapi through 4.5.5 allows attackers with access to the admin panel to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then th...

AI score 5.3 · EPSS 0.01658
Exploits 2 · References 3
EUVD
added 2023/04/19 12:00 a.m. · 11 views

EUVD-2023-1342

Strapi through 4.5.5 allows attackers with access to the admin panel to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then th...

CVSS 4.9 · AI score 5.3 · EPSS 0.01658
Exploits 2 · References 8
Positive Technologies
added 2023/04/18 12:00 a.m. · 16 views

PT-2023-18758 · Strapi · Strapi

Name of the Vulnerable Software and Affected Versions: Strapi versions 4.5.5 and earlier Strapi versions 4.7.1 and earlier Description: The issue allows attackers with access to the admin panel to discover sensitive user details by exploiting the query filter. An attacker can filter users by...

CVSS 7.5 · AI score 9.3 · EPSS 0.01658
Exploits 2 · References 14
Prion
added 2023/04/17 3:15 p.m. · 13 views

Code injection

Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled ExperimentalAuditSettings section in config...

CVSS 5 · AI score 7.5 · EPSS 0.0042
Exploits 0 · References 1 · Affected Software 1
0day.today
added 2023/04/07 12:00 a.m. · 187 views

ChurchCRM 4.5.1 - Authenticated SQL Injection Exploit

Exploit Title: ChurchCRM 4.5.1 - Authenticated SQL Injection Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-24787/CVE-2023-24787.md Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage: http://churchcrm.io/ Version: 4.5.1 Tested on: Window...

AI score 6.4
Exploits 5
0day.today
added 2023/03/27 12:00 a.m. · 242 views

Raspberry Pi Camera Server 1.0 Authentication Bypass Vulnerability

Exploit Title: "camp" Raspberry Pi camera server 1.0 - Authentication Bypass Exploit Author: Elias Hohl Vendor Homepage: https://github.com/patrickfuller Software Link: https://github.com/patrickfuller/camp Version: bf6af5c2e5cf713e4050c11c52dd4c55e89880b1 Tested on: Ubuntu 20.04 CVE :...

CVSS 9.8 · AI score 9.4 · EPSS 0.49201
Exploits 3
Exploit DB
added 2023/03/25 12:00 a.m. · 186 views

"camp" Raspberry Pi camera server 1.0 - Authentication Bypass

Exploit Title: "camp" Raspberry Pi camera server 1.0 - Authentication Bypass Date: 2022-07-25 Exploit Author: Elias Hohl Vendor Homepage: https://github.com/patrickfuller Software Link: https://github.com/patrickfuller/camp Version: bf6af5c2e5cf713e4050c11c52dd4c55e89880b1 Tested on: Ubuntu 20.04...

CVSS 9.8 · AI score 9.7 · EPSS 0.49201
Exploits 3
Packet Storm
added 2023/03/16 12:00 a.m. · 396 views

Microsoft SQL Server 2014 / 2016 / 2017 / 2019 / 2022 Audit Logging Failure

Title: Microsoft SQL Server Password Hash Exposure Product: Database Manufacturer: Microsoft Affected Versions: 2012-2022 Risk Level: Medium CVE Reference: N/A Author of Advisory: Emad Al-Mousa Overview: SQL Server is a popular database system, and database systems are a vital backbone in IT...

AI score 7.4
Exploits 0
Prion
added 2023/03/07 7:15 p.m. · 13 views

Design/Logic Flaw

Directus is a real-time API and App dashboard for managing SQL database content. In versions prior to 9.16.0 users with read access to the password field in directus_users can extract the argon2 password hashes by brute forcing the export functionality combined with a startswith filter. This allow...

CVSS 4 · AI score 4.7 · EPSS 0.00604
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2023/03/07 6:20 p.m. · 28 views

CVE-2023-27481 Extract password hashes through export querying in directus

Directus is a real-time API and App dashboard for managing SQL database content. In versions prior to 9.16.0 users with read access to the password field in directus_users can extract the argon2 password hashes by brute forcing the export functionality combined with a startswith filter. This allow...

CVSS 4.3 · AI score 5.2 · EPSS 0.00604
Exploits 0 · References 3
Vulnrichment
added 2023/03/07 6:20 p.m. · 9 views

CVE-2023-27481 Extract password hashes through export querying in directus

Directus is a real-time API and App dashboard for managing SQL database content. In versions prior to 9.16.0 users with read access to the password field in directus_users can extract the argon2 password hashes by brute forcing the export functionality combined with a startswith filter. This allow...

CVSS 4.3 · AI score 4.8 · EPSS 0.00604
Exploits 0 · References 3
Positive Technologies
added 2023/03/07 12:00 a.m. · 4 views

PT-2023-7550 · Unknown · Trace Mode

Name of the Vulnerable Software and Affected Versions: TRACE MODE affected versions not specified Description: The issue is related to the storage of unencrypted credentials in the SCADA system. Exploitation of this issue could allow an attacker to substitute a password hash from one user to...

CVSS 4.9 · AI score 7
Exploits 0 · References 1