Improper Verification of Cryptographic Signature
Overview @stablelib/cbor is a CBOR encoder and decoder Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the verify function. An attacker can generate a second distinct valid signature for the same message without access to the private key by...
Arbitrary Code Injection
Overview @tinacms/graphql is a GraphQL database generating component for Tina, the headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Arbitrary Code Injection via the improper use of gray-matter package. An...
Relative Path Traversal
Overview privatebin/privatebin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Affected versions of this package are vulnerable to Relative Path Traversal via the template-switching feature when templateselection is enabled in the configuration. An...
PT-2024-10092 · Drupal · Drupal +1
Name of the Vulnerable Software and Affected Versions: Drupal Pages Restriction Access versions 2.0.0 through 2.0.2 Description: The issue is related to an incorrect authorization mechanism in the Pages Restriction Access module of the Drupal CMS system. This allows a remote attacker to bypass...
PT-2025-2091 · Drupal · Drupal Security Kit
Name of the Vulnerable Software and Affected Versions: Drupal Security Kit versions 0.0.0 through 2.0.2 Description: The issue is related to a 'Type Confusion' vulnerability, which allows an attacker to cause a denial of service via HTTP. This vulnerability can be exploited by a remote attacker...
PT-2024-13665 · Purevpn · Purevpn Linux Client
Name of the Vulnerable Software and Affected Versions: PureVPN Linux client version 2.0.2 Description: The PureVPN Linux client fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers. This issue is related to improper...
CVE-2023-41314
The api /api/snapshot and /api/getlogfile would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues...
CVE-2023-41314 Apache Doris: Missing API authentication allowed DoS
The api /api/snapshot and /api/getlogfile would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues...
PT-2023-7024 · Nautobot · Nautobot
Name of the Vulnerable Software and Affected Versions: Nautobot versions 2.0.0 through 2.0.2 Description: The issue concerns the exposure of hashed user passwords in Nautobot's REST API endpoints when the ?depth= query parameter is used. This affects any authenticated user with access to these...
SUSE CVE-2020-15210
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b a...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write. re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme. Remediation Upgrade re2c to version 2.0.3 or higher. References - GitHub Commit...
Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-4663)
Summary IBM Cloud Transformation Advisor has addressed the following vulnerability. CVE-2019-4663 Vulnerability Details CVEID: CVE-2019-4663 DESCRIPTION: IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript...
PT-2006-6306 · Unknown · Goop Gallery
Name of the Vulnerable Software and Affected Versions: GOOP Gallery versions prior to 2.0.3 Description: A cross-site scripting issue exists, allowing remote attackers to inject arbitrary HTML or web script via the image parameter in the index.php file. Recommendations: For versions prior to 2.0....