7822 matches found

CVE
added 2024/07/09 5:50 p.m. · 66 views

CVE-2024-39698

The CVE-2024-39698 entry concerns a Windows code-signing bypass in electron-updater. A flaw in the verification routine in packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts arises because the surrounding shell (cmd.exe) expands environment variables in the command line, enab...

7.5 CVSS · 7.1 AI score · 0.00336 EPSS
Exploits 1 · References 4 · Affected Software 1
GithubExploit
added 2024/07/09 4:14 p.m. · 541 views

Exploit for ASP.NET Misconfiguration: Use of Identity Impersonation in Vmware Vcenter_Server

VMware vCenter - CVE-2024-37081 Proof of Concept Descripci...

7.8 CVSS · 8.3 AI score · 0.04989 EPSS
Exploits 3
Positive Technologies
added 2024/07/09 12:0 a.m. · 7 views

PT-2024-28636 · Unknown · Electron-Updater

Name of the Vulnerable Software and Affected Versions: electron-updater versions prior to 6.3.0-alpha.6 Description: The issue concerns the signature validation routine for Electron applications on Windows, implemented in the file...

7.7 CVSS · 6.4 AI score · 0.00336 EPSS
Exploits 1 · References 10
Spring Security Advisories
added 2024/07/08 12:0 a.m. · 9 views

Spring AI - Groq AI inference

Faster information processing not only informs—it transforms how we perceive and innovate. Spring AI, a powerful framework for integrating AI capabilities into Spring applications, now offers support for Groq - a blazingly fast AI inference engine with support for Tool/Function calling. Because...

6.9 AI score
Exploits 0
OSV
added 2024/07/05 11:8 a.m. · 3 views

OESA-2024-1785 squid security update

Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests. Security Fixes: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an...

6.3 CVSS · 7 AI score · 0.06255 EPSS
Exploits 0 · References 2
CNVD
added 2024/07/05 12:0 a.m. · 7 views

Dell BIOS Input Validation Error Vulnerability (CNVD-2024-31393)

Dell BIOS is embedded software on a small memory chip on the motherboard of a computer from Dell USA. The Dell BIOS has an input validation error vulnerability that originates from the inclusion of incorrect input validation. A locally authenticated attacker with administrator privileges could...

6.7 CVSS · 6.6 AI score · 0.00147 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2024/07/03 12:0 a.m. · 30 views

CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2024-21892)

The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21892 advisory. - On Linux, Node.js ignores certain environment variables if those may have been set by an...

7.8 CVSS · 7.2 AI score · 0.00562 EPSS
Exploits 0 · References 2
OSV
added 2024/07/02 8:15 p.m. · 5 views

AZL-79036 CVE-2023-24531 affecting package golang 1.25.7-1

Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad behaviors, including executing arbitrary commands or inserting new environment variables. This issue is...

9.8 CVSS · 7.1 AI score · 0.00833 EPSS
Exploits 0 · References 1
OSV
added 2024/07/02 8:15 p.m. · 21 views

CVE-2023-24531

Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad behaviors, including executing arbitrary commands or inserting new environment variables. This issue is...

7 AI score
Exploits 0 · References 6
OSV
added 2024/07/02 8:15 p.m. · 2 views

DEBIAN-CVE-2023-24531

Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad behaviors, including executing arbitrary commands or inserting new environment variables. This issue is...

9.8 CVSS · 7.5 AI score · 0.00833 EPSS
Exploits 0 · References 1
OSV
added 2024/07/02 8:15 p.m. · 5 views

UBUNTU-CVE-2023-24531

Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad behaviors, including executing arbitrary commands or inserting new environment variables. This issue is...

9.8 CVSS · 7.1 AI score · 0.00833 EPSS
Exploits 0 · References 9
UbuntuCve
added 2024/07/02 8:15 p.m. · 20 views

CVE-2023-24531

Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad behaviors, including executing arbitrary commands or inserting new environment variables. This issue is...

9.8 CVSS · 7 AI score · 0.00833 EPSS
Exploits 0 · References 8
CVE
added 2024/07/02 7:51 p.m. · 297 views

CVE-2023-24531

CVE-2023-24531 concerns that the go env output may include an unsanitized shell script of the Go environment, enabling arbitrary commands or env variable insertion if executed as a script. Connected advisories confirm Go vulnerabilities across various platforms (e.g., Ubuntu USNs, OpenVAS listing...

9.8 CVSS · 9.4 AI score · 0.00833 EPSS
Exploits 0 · References 6
Cvelist
added 2024/07/02 7:51 p.m. · 38 views

CVE-2023-24531 Output of "go env" does not sanitize values in cmd/go

Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad behaviors, including executing arbitrary commands or inserting new environment variables. This issue is...

0.00833 EPSS
Exploits 0 · References 5
Vulnrichment
added 2024/07/02 7:51 p.m. · 23 views

CVE-2023-24531 Output of "go env" does not sanitize values in cmd/go

Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad behaviors, including executing arbitrary commands or inserting new environment variables. This issue is...

7 AI score · 0.00833 EPSS
Exploits 0 · References 5
Debian CVE
added 2024/07/02 7:51 p.m. · 10 views

CVE-2023-24531

Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad behaviors, including executing arbitrary commands or inserting new environment variables. This issue is...

9.8 CVSS · 7.1 AI score · 0.00833 EPSS
Exploits 0
CNNVD
added 2024/07/02 12:0 a.m. · 3 views

Dell BIOS Input Validation Error Vulnerability

Dell BIOS is embedded software on a small memory chip on the motherboard of a computer from Dell USA. The Dell BIOS has an input validation error vulnerability that originates from the inclusion of incorrect input validation. A locally authenticated attacker with administrator privileges could...

6.7 CVSS · 6.5 AI score · 0.00147 EPSS
Exploits 0 · References 2
CNNVD
added 2024/07/02 12:0 a.m. · 3 views

Google Golang Security Vulnerability

Google Golang is a static strongly typed, compiled language from Google. Go's syntax is close to that of C, but differs with respect to variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages that...

9.8 CVSS · 7.2 AI score · 0.00833 EPSS
Exploits 0 · References 7
OSV
added 2024/07/01 7:20 p.m. · 17 views

GHSA-J59V-VGCR-HXVF GeoServer's Server Status shows sensitive environmental variables and Java properties

GeoServer's Server Status page and REST API at /geoserver/rest/about/status list all environment variables and Java properties to any GeoServer user with administrative rights as part of those modules' status message. These variables/properties can also contain sensitive information, such as...

4.5 CVSS · 5.1 AI score · 0.00397 EPSS
Exploits 0 · References 3
Github Security Blog
added 2024/07/01 7:20 p.m. · 33 views

GeoServer's Server Status shows sensitive environmental variables and Java properties

GeoServer's Server Status page and REST API at /geoserver/rest/about/status list all environment variables and Java properties to any GeoServer user with administrative rights as part of those modules' status message. These variables/properties can also contain sensitive information, such as...

4.9 CVSS · 6.9 AI score · 0.00397 EPSS
Exploits 0 · References 3 · Affected Software 2