Lucene search
48 matches found

RedhatCVE
added 2026/01/09 8:41 a.m. · 7 views

CVE-2022-0960

Stored XSS via .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4...

CVSS 9 · AI score 5.8 · EPSS 0.0084
Exploits: 1 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2008-2800

Malware in sbrugna...

CVSS 5 · AI score 6.1 · EPSS 0.0156
Exploits: 1 · References: 66

OSV
added 2024/11/26 12:15 p.m. · 2 views

CVE-2024-38831

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations...

CVSS 7.8 · AI score 5.8 · EPSS 0.00287
Exploits: 0 · References: 1

Cvelist
added 2024/11/26 11:50 a.m. · 30 views

CVE-2024-38831 Local privilege escalation vulnerability (CVE-2024-38831)

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations...

CVSS 7.8 · EPSS 0.00287
Exploits: 0 · References: 1

Positive Technologies
added 2024/06/20 12:0 a.m. · 3 views

PT-2024-13679 · Github · Github

Name of the Vulnerable Software and Affected Versions: Kiuwan SAST: versions prior to the fixed version; Kiuwan Local Analyzer (KLA): affected versions not specified. Description: The Kiuwan Local Analyzer (KLA) Java scanning application contains several hard-coded secrets in plain text format,...

CVSS 7.8 · AI score 7 · EPSS 0.00178
Exploits: 1 · References: 4

OSV
added 2023/06/20 8:15 a.m. · 2 views

CVE-2023-26427

Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known...

CVSS 3.3 · AI score 5.8 · EPSS 0.00312
Exploits: 0 · References: 4

NVD
added 2023/06/20 8:15 a.m. · 10 views

CVE-2023-26427

Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known...

CVSS 3.3 · AI score 3.9 · EPSS 0.00312
Exploits: 0 · References: 4

Prion
added 2023/06/20 8:15 a.m. · 16 views

Default credentials

Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known...

CVSS 1.7 · AI score 4.2 · EPSS 0.00312
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2023/06/20 7:51 a.m. · 17 views

CVE-2023-26427

Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known...

CVSS 3.2 · AI score 4.3 · EPSS 0.00312
Exploits: 0 · References: 4

CVE
added 2023/06/20 7:51 a.m. · 48 views

CVE-2023-26427

CVE-2023-26427 affects Open-Xchange OX App Suite. The issue stems from overly permissive default permissions on noreply.properties installed with the package, allowing local system users to read potentially sensitive information. The CVE description notes that the default permissions were updated...

CVSS 3.3 · AI score 4.2 · EPSS 0.00312
Exploits: 0 · References: 4 · Affected Software: 1

SUSE CVE
added 2023/02/15 6:7 a.m. · 3 views

SUSE CVE-2008-2807

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file...

CVSS 5 · AI score 6.7 · EPSS 0.0156
Exploits: 1 · References: 4

OSV
added 2022/06/30 8:15 p.m. · 1 views

CVE-2022-23720

PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrator privileged PingID API credentials, such as those typically used by PingFederate, into PingID...

CVSS 8.2 · AI score 5.7 · EPSS 0.00234
Exploits: 0 · References: 2

Cvelist
added 2022/06/30 7:25 p.m. · 14 views

CVE-2022-23720 PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file

PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrator privileged PingID API credentials, such as those typically used by PingFederate, into PingID...

CVSS 7.5 · AI score 8.3 · EPSS 0.00234
Exploits: 0 · References: 2

CNNVD
added 2022/06/22 12:0 a.m. · 3 views

Jenkins Plugin EasyQA security vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins EasyQA Plugin 1.0 and prior...

CVSS 6.5 · AI score 5.7 · EPSS 0.00647
Exploits: 0 · References: 4

BDU FSTEC
added 2022/04/13 12:0 a.m. · 2 views

The vulnerability of the software for managing virtual infrastructure, such as VMware vCenter Server and VMware Cloud Foundation, is related to deficiencies in access control. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the software for managing virtual infrastructure, such as VMware vCenter Server and VMware Cloud Foundation, is related to deficiencies in access control to the /etc/vmware-vpx/vcdb.properties file, which contains plaintext credentials. Exploiting this vulnerability could all...

CVSS 5.5 · AI score 7.1 · EPSS 0.13935
Exploits: 2 · References: 8 · Affected Software: 1

ATTACKERKB
added 2022/03/29 1:15 p.m. · 2 views

CVE-2022-28159

Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 · AI score 5.8 · EPSS 0.00792
Exploits: 0 · References: 3

OSV
added 2022/03/15 12:0 a.m. · 28 views

GHSA-RPHC-H572-2X9F Cross-site Scripting in showdoc/showdoc

ShowDoc is a tool greatly applicable for an IT team to share documents online. showdoc/showdoc allows .properties files to be uploaded, which leads to stored XSS in versions prior to 2.10.4. This allows attackers to execute malicious scripts in the user's browser. This issue was patched in version 2.10....

CVSS 9 · AI score 5.2 · EPSS 0.0084
Exploits: 1 · References: 4

NVD
added 2022/03/14 3:15 p.m. · 13 views

CVE-2022-0960

Stored XSS via .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4...

CVSS 9 · EPSS 0.0084
Exploits: 1 · References: 2

Prion
added 2022/03/14 3:15 p.m. · 12 views

Cross site scripting

Stored XSS via .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4...

CVSS 3.5 · AI score 5.2 · EPSS 0.0084
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2022/03/14 2:45 p.m. · 21 views

CVE-2022-0960 Stored XSS via .properties file upload in star7th/showdoc

Stored XSS via .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4...

CVSS 9 · AI score 5.5 · EPSS 0.0084
Exploits: 1 · References: 2