CVE-2023-34226
CVE-2023-34226 affects JetBrains TeamCity prior to version 2023.05, where a reflected cross-site scripting (XSS) flaw was disclosed on the Subscriptions page. The issue arises from improper input handling that allows untrusted input to be reflected in the UI, enabling potential user‑driven script...
PT-2023-24751 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2023.05 Description: The issue is related to reflected XSS in the Subscriptions page. Recommendations: For versions prior to 2023.05, update to version 2023.05 or later to resolve the issue...
CVE-2023-31453
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised ...
Apache InLong security vulnerability
Apache InLong is the Apache Software Foundation's one-stop massive data integration framework. An authorization vulnerability exists in Apache InLong versions 1.2.0 through 1.6.0. The vulnerability stems from improper privilege management. An attacker can exploit the vulnerabili...
ChatGPT Scams Are Infiltrating Apple's App Store and Google Play
An explosion of interest in OpenAI’s sophisticated chatbot means a proliferation of “fleeceware” apps that trick users with sneaky in-app subscriptions...
CVE-2023-31133 Ghost vulnerable to disclosure of private API fields (Design/Logic Flaw)
Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute...
CVE-2023-2445
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name...
CVE-2023-2445
Summary of CVE-2023-2445 (Devolutions Server) Affected software: Devolutions Server, versions 2023.1.1 and earlier. Vulnerability: Improper access control in the Subscriptions Folder path filter. This allows attackers with administrator privileges to retrieve usage information about folders in a ...
PT-2023-19610 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2023.1.1 and earlier Description: The issue is related to improper access control in the Subscriptions Folder path filter, allowing attackers with administrator privileges to retrieve usage information on folders i...
A vulnerability in Active IQ Unified Manager, a tool for monitoring the status and performance of data storage systems, stems from deficient access control. Exploiting it could allow an attacker to update subscriptions to EMS (the storage system's Event Management System) through unauthorized channels...
Improper Access Control
moodle/moodle is vulnerable to Improper Access Control. The vulnerability exists in the calendar_can_edit_subscription function of lib.php because user subscriptions are not properly handled, which allows an attacker to edit other users' subscriptions and perform unauthorized actions...
FluentCRM - Marketing Automation For WordPress < 2.8.0 - Unauthenticated Subscriptions Update
The plugin protects subscription management with an unsalted MD5 hash, which anyone who knows the subscriber's address can recompute, making it possible for unauthenticated attackers to unsubscribe users from lists and manage subscriptions...
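An unsubscribe or "manage subscription" link whose only secret is an unsalted MD5 of a public attribute is forgeable by anyone who knows that attribute. The following added example, which is not FluentCRM code, contrasts that scheme with an HMAC keyed by a server-side secret and bound to the action and the list, checked with a constant-time comparison; the subscriber address and the secret are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed subscriber record and server secret (in a real deployment the
# secret lives in configuration or an environment variable, never in the link).
SUBSCRIBER_EMAIL = "subscriber@example.invalid"
SERVER_SECRET = secrets.token_bytes(32)


def weak_token(email):
    """The flawed scheme: md5(email) with no salt and no secret.
    The 'token' is a pure function of data the attacker already has."""
    return hashlib.md5(email.encode()).hexdigest()


def forge_weak_token(victim_email):
    """What an unauthenticated attacker does: recompute the token from the
    victim's address. Identical to weak_token(), which is exactly the problem."""
    return hashlib.md5(victim_email.encode()).hexdigest()


def strong_token(email, list_id):
    """Fixed scheme: HMAC-SHA256 over the action and its parameters, keyed with
    the server secret. Without the key the attacker cannot produce it, and
    binding list_id stops a token for one list being replayed against another."""
    msg = f"unsubscribe|{email}|{list_id}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def handle_unsubscribe(email, list_id, token, mode):
    """Simulated unauthenticated endpoint. Returns True when the request is
    accepted. mode='weak' reproduces the flaw, mode='strong' the fix.
    compare_digest avoids leaking the correct token byte-by-byte via timing."""
    if mode == "weak":
        expected = weak_token(email)
    else:
        expected = strong_token(email, list_id)
    return hmac.compare_digest(expected, token)
```

With mode="weak" the forged token is accepted for any address the attacker can guess or scrape; with mode="strong" the same forgery fails, and a genuine token for list 7 is refused for list 8 because the list identifier is part of the signed message. Adding an expiry timestamp to the signed message is a common further hardening not shown here.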
Moodle has Incorrect Default Permissions (CVE-2021-36400, GHSA-35WF-3WQ2-R3HX, Design/Logic Flaw)
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions...
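Several entries above (Apache InLong, both Moodle calendar issues, Active IQ Unified Manager) are the same class of flaw: a delete or update on a subscription checks that the caller is authenticated but not that the caller owns the record or holds a capability that overrides ownership. The following added example belongs to none of those projects; it is a minimal in-memory store with the flawed handler beside the checked one, returning HTTP-style status codes so the outcome can be asserted on. Users, identifiers and targets are constructed.

```python
from dataclasses import dataclass


@dataclass
class Subscription:
    sub_id: int
    owner: str
    target: str  # a topic, a calendar URL or an event destination, depending on the product


class SubscriptionStore:
    """Constructed in-memory stand-in for a subscriptions table."""

    def __init__(self):
        self._subs = {}

    def create(self, actor, sub_id, target):
        self._subs[sub_id] = Subscription(sub_id, actor, target)

    def exists(self, sub_id):
        return sub_id in self._subs

    def delete_unchecked(self, actor, sub_id):
        """Flawed handler: being logged in is the only requirement, so any
        user can delete any other user's subscription by supplying its id."""
        if actor is None:
            return 401
        if sub_id not in self._subs:
            return 404
        del self._subs[sub_id]
        return 204

    def delete_checked(self, actor, sub_id, admins=frozenset()):
        """Fixed handler: the record must belong to the caller, or the caller
        must hold an explicit administrative capability, before it is deleted.
        The ownership check is done on the record as stored, not on anything
        the client sends."""
        if actor is None:
            return 401
        sub = self._subs.get(sub_id)
        if sub is None:
            return 404
        if sub.owner != actor and actor not in admins:
            return 403
        del self._subs[sub_id]
        return 204


def demo():
    """Replays the scenario from the entries above: bob removes alice's
    subscription through the unchecked path, is refused by the checked path,
    and an explicitly privileged account is still allowed through."""
    store = SubscriptionStore()
    store.create("alice", 1, "topic/orders")
    store.create("alice", 2, "https://calendar.example.invalid/alice.ics")
    unchecked = store.delete_unchecked("bob", 1)   # 204: alice's record is gone
    gone_after_unchecked = store.exists(1)          # False
    checked = store.delete_checked("bob", 2)        # 403: not bob's record
    still_there = store.exists(2)                   # True
    admin = store.delete_checked("root", 2, admins={"root"})  # 204
    return unchecked, gone_after_unchecked, checked, still_there, admin
```

The fix is one comparison against the stored owner, but it has to happen in the handler that performs the mutation, not only in the UI that hides the button. Whether to return 403 or 404 for a record the caller does not own is a separate choice: 404 hides the existence of other users' subscription ids, at the cost of a less informative error for legitimate mistakes.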