Cross site scripting
Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py,...
Hardcoded credentials
The server API in the Anda app relies on hardcoded credentials...
CVE-2018-13342
The server API in the Anda app relies on hardcoded credentials...
CVE-2018-13342
CVE-2018-13342: The Anda app’s server API is vulnerable due to hardcoded credentials in its authentication flow. According to NVD, the CVSS scores are 7.5 (2.0) and 9.8 (3.0), indicating a high/critical impact with network access, no authentication, and full compromise of confidentiality, integri...
Heketi OS Command Injection Vulnerability
Heketi is a REST-based GlusterFS management framework that provides a RESTful interface for managing the lifecycle of GlusterFS. The server API is one of its server interfaces. An OS command injection vulnerability exists in the user request handling of the server API in Heke...
GHSA-6494-V9FQ-FGQ2 Keystone is vulnerable to CSV injection
CSV Injection aka Excel Macro Injection or Formula Injection exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export...
CVE-2017-15879
CSV Injection aka Excel Macro Injection or Formula Injection exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export...
CVE-2010-5142
chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI...
xMatters AlarmPoint Java Web Server API 3.2.1 Cross Site Scripting
Information
Name: XSS Persistent vulnerability in xMatters AlarmPoint Java Web Server API
Software: xMatters AlarmPoint
Vendor Homepage: http://www.xmatters.com
Vulnerability Type: Cross-Site Scripting
Severity: High
Researcher: Juan Sacco
Description...
security flaw
Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function...