CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6525 matches found

RedHat Linux•added 2020/12/16 12:11 p.m.•2 views

shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass

A flaw was found in Apache Shiro in versions prior to 1.5.3. When using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS5.7AI score0.84744EPSS

Exploits1References4

RedHat Linux•added 2020/12/16 12:11 p.m.•1 views

spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources

Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection XXE when receiving XML data from untrusted sources...

9.8CVSS5.8AI score0.02036EPSS

Exploits0References5

OSV•added 2020/12/11 3:15 a.m.•2 views

CVE-2020-9301

Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container...

8.8CVSS5.9AI score0.00861EPSS

Exploits0References1

CNNVD•added 2020/12/10 12:0 a.m.•4 views

Netflix Spinnaker Code Issue Vulnerability

Netflix Spinnaker is a continuous delivery platform from the American company Netflix. The platform serves as a cloud platform deployment tool that supports Google, Microsoft, Pivotal, and other cloud platforms, providing out-of-the-box cluster management and deployment capabilities. Netflix...

8.8CVSS7.5AI score0.00861EPSS

Exploits0References2

CNVD•added 2020/11/26 12:0 a.m.•1 views

Command Execution Vulnerability in Huaxia ERP (CNVD-2020-70782)

Huaxia ERP based on SpringBoot framework , aspires to provide small and medium-sized enterprises with open source and good ERP software , currently focusing on sales and inventory + financial functions . HUAXIA ERP has a command execution vulnerability. Attackers can use this vulnerability to...

7.3AI score

Exploits0

IBM Security Bulletins•added 2020/11/20 8:41 p.m.•57 views

Security Bulletin: Vulnerabilities in jQuery, Spring, Dom4j, MongoDB, Linux Kernel, Targetcli-fb, Jackson, Node.js, and Apache Commons affect IBM Spectrum Protect Plus

Summary Multiple vulnerabilities in jQuery, Spring, Dom4j, MongoDB, Linux Kernel, Targetcli-fb, Jackson, Node.js, and Apache Commons affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2020-5408 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to obtain...

9.8CVSS1.2AI score0.3466EPSS

Exploits18Affected Software1

CNVD•added 2020/11/20 12:0 a.m.•3 views

Unauthorized access and file upload vulnerabilities in Ruoyi's backend management system

Ruoyi backend management system is based on SpringBoot, Spring Security, JWT, Vue & Element of the front and back end separation of permissions management system , can be used for all Web applications , such as website management backend , website member center , CMS, CRM, OA and so on. If there ...

7.2AI score

Exploits0

ThreatPost•added 2020/11/19 9:34 p.m.•106 views

German COVID-19 Contact-Tracing Vulnerability Allowed RCE

A security vulnerability in the infrastructure underlying Germany’s official COVID-19 contact-tracing app, called the Corona-Warn-App CWA, would have allowed pre-authenticated remote code execution RCE. Researcher Alvaro Muñoz wrote in a report this week that he and his team at GitHub Security La...

7.8AI score

Exploits0References9

Veracode•added 2020/11/06 7:16 a.m.•23 views

Authentication Bypass

shiro-spring-boot-web-starter is vulnerable to authentication bypass. An attacker is able to bypass authentication via a malicious HTTP request...

9.8CVSS2.1AI score0.01799EPSS

Exploits0References19Affected Software1