CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1402 matches found

OSV•added 2024/08/30 11:9 a.m.•2 views

OESA-2024-2074 moby security update

Docker is a product for you to build, ship and run any application as a lightweight container. Security Fixes: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an...

9.9CVSS6.7AI score0.03345EPSS

Exploits0References2

Positive Technologies•added 2024/08/29 12:0 a.m.•3 views

PT-2024-29379 · Organizr · Organizr

Name of the Vulnerable Software and Affected Versions: Organizr version 1.90 Description: The issue is related to Cross Site Scripting XSS via the "api.php" endpoint. This means an attacker could potentially inject malicious scripts into the website, affecting users' sessions. Recommendations: Fo...

6.1CVSS6.1AI score0.00361EPSS

Exploits1References8

CNNVD•added 2024/08/20 12:0 a.m.•1 views

Umbraco 安全漏洞

Umbraco is an open source content management system CMS written in C by the Danish company Umbraco. A security vulnerability exists in Umbraco versions prior to 14.1.2, which stems from the fact that certain endpoints in the management API can return stack trace information even if Umbraco is not...

5.3CVSS6.2AI score0.00494EPSS

Exploits0References3

SUSE CVE•added 2024/08/13 1:42 a.m.•1 views

SUSE CVE-2024-43167

DISPUTE NOTE: this issue does not pose a security risk as it according to analysis by the original software developer, NLnet Labs falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet...

2.8CVSS6.3AI score0.00024EPSS

Exploits0References5

CNNVD•added 2024/08/13 12:0 a.m.•1 views

SAP Commerce Cloud 信息泄露漏洞

SAP Commerce Cloud is a cloud-based e-commerce platform from Germany's SAP. It supports sales management, marketing management, order management, and operations management. An information disclosure vulnerability exists in SAP Commerce Cloud that stems from certain OCC API endpoints that allow...

9.1CVSS6.1AI score0.00572EPSS

Exploits0References4

OSV•added 2024/08/12 1:38 p.m.•1 views

DEBIAN-CVE-2024-43167

2.8CVSS4.5AI score0.00024EPSS

Exploits0References1

CNNVD•added 2024/08/08 12:0 a.m.•1 views

Shopware 安全漏洞

Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware versions 6.6.5.1 and 6.5.8.13 and earlier, which stems from the search function in its application API, where the name field in the aggregations object is susceptib...

9.8CVSS7.3AI score0.00817EPSS

Exploits0References6

CNNVD•added 2024/08/06 12:0 a.m.•3 views

PrivX 安全漏洞

SSH PrivX is a scalable, cost-effective and highly automated privileged access management PAM solution from SSH. A security vulnerability exists in PrivX versions prior to 34.0 that stems from allowing data leakage and denial of service via the REST API...

9.1CVSS6.5AI score0.00433EPSS

Exploits1References3

Positive Technologies•added 2024/07/31 12:0 a.m.•3 views

PT-2024-11622 · Motorola · Q14 Mesh Router Firmware

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: An authentication bypass issue could allow an attacker to access API functions without authentication. Recommendations: At the moment, there is no information about a newer version that...

7.3CVSS7.2AI score0.0006EPSS

Exploits0References3

SUSE CVE•added 2024/07/26 3:11 a.m.•2 views

SUSE CVE-2024-41110

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being...

9.9CVSS8.5AI score0.03345EPSS

Exploits0References26

VulnCheck KEV•added 2024/07/25 12:0 a.m.•2 views

VulnCheck KEV: CVE-2017-1000226

Stop User Enumeration 1.3.8 allows user enumeration via the REST API...

5.3CVSS5.8AI score0.00424EPSS

Exploits1References1

NCSC•added 2024/07/19 1:6 p.m.•2 views

Vulnerability fixed in Cisco Smart Software Manager On-Prem

Cisco has fixed a vulnerability in Cisco SSM On-Prem formerly known as Cisco Smart Software Manager Satellite SSM Satellite. The vulnerability allows an unauthenticated malicious person with access to Cisco Smart Software Manager On-Prem to change users' passwords by sending an HTTP request. If...

10CVSS7AI score0.91469EPSS

Exploits3References8

OSV•added 2024/07/12 4:15 p.m.•1 views

CVE-2024-40539

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user...

9.8CVSS5.8AI score0.00052EPSS

Exploits1References1

OSV•added 2024/07/09 4:15 p.m.•2 views

CVE-2024-27784

Multiple Exposure of sensitive information to an unauthorized actor weaknesses CWE-200 vulnerability in Fortinet FortiAIOps 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files...

6.5CVSS5.8AI score0.00592EPSS

Exploits0References1

Positive Technologies•added 2024/07/09 12:0 a.m.•1 views

PT-2024-5557

Name of the Vulnerable Software and Affected Versions FortiAIOps version 2.0.0 Description The issue concerns the exposure of sensitive information to unauthorized actors. An authenticated, remote attacker may retrieve sensitive information from the API endpoint or log files. This is related to a...

9CVSS6.4AI score0.00592EPSS

Exploits0References10

Positive Technologies•added 2024/06/28 12:0 a.m.•2 views

PT-2024-27446

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned. Description It was identified that under certain specific preconditions, an API key that was originally created with specific privileges could be subsequently used to create new API keys that hav...

9.8CVSS5.3AI score0.00393EPSS

Exploits0References3