
2758 matches found

SUSE CVE
added 2024/04/24 11:12 p.m., 2 views

SUSE CVE-2024-32662

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when WCHAR string is read with twice the size it has and converted to UTF-8, base64 decoded. The string is only used to compare against t...

CVSS 5.4 | AI score 9.3 | EPSS 0.00769
Exploits: 0 | References: 4

AlpineLinux
added 2024/04/23 8:15 p.m., 1 view

CVE-2024-32660

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available...

CVSS 7.5 | AI score 7 | EPSS 0.01178
Exploits: 0 | References: 8

Openbugbounty
added 2024/04/22 7:36 p.m., 16 views

torontojobsjournal.ca Cross Site Scripting vulnerability OBB-3920570

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

CBLMariner
added 2024/04/19 10:15 p.m., 12 views

CVE-2022-31394 affecting package rpm-ostree for versions less than 2022.1-7

CVE-2022-31394 affecting package rpm-ostree for versions less than 2022.1-7. A patched version of the package is available...

CVSS 7.5 | AI score 7.7 | EPSS 0.01076
Exploits: 1

Patchstack
added 2024/04/12 11:07 a.m., 4 views

WordPress Welcart e-Commerce plugin <= 2.9.14 - Broken Access Control + CSRF vulnerability

Broken Access Control + CSRF vulnerability discovered by emad Patchstack Alliance in WordPress Plugin Welcart e-Commerce versions <= 2.9.14...

CVSS 5.4 | AI score 7 | EPSS 0.00337
Exploits: 0 | Affected Software: 1

Openbugbounty
added 2024/04/11 1:05 p.m., 9 views

baytemuer.de Cross Site Scripting vulnerability OBB-3916177

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

NVD
added 2024/04/10 10:15 p.m., 16 views

CVE-2024-31999

@fastify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is...

CVSS 7.4 | AI score 7.4 | EPSS 0.00616
Exploits: 0 | References: 2

UbuntuCve
added 2024/04/10 7:15 p.m., 19 views

CVE-2021-47209

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Prevent dead task groups from regaining cfs_rq's Kevin is reporting crashes which point to a use-after-free of a cfs_rq in update_blocked_averages. Initial debugging revealed that we've live cfs_rq's on_list=1 in an about t...

CVSS 5.5 | AI score 5.9 | EPSS 0.00196
Exploits: 0 | References: 4

OSV
added 2024/04/10 5:16 p.m., 1 view

GHSA-HF43-47Q4-FHQ5 XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution

Impact: The HTML escaping of escaping tool that is used in XWiki doesn't escape `{`, which, when used in certain places, allows XWiki syntax injection and thereby remote code execution. To reproduce in an XWiki installation, open...

CVSS 10 | AI score 6 | EPSS 0.02104
Exploits: 1 | References: 8

Github Security Blog
added 2024/04/10 5:07 p.m., 25 views

XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted

Impact: It is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it's possible for an attacker to have access to the hash password of a user if they have rights to edit the users' page. No...

CVSS 6.8 | AI score 6.7 | EPSS 0.00376
Exploits: 0 | References: 7 | Affected Software: 1

NVD
added 2024/04/09 6:15 p.m., 26 views

CVE-2024-22423

yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment...

CVSS 9.8 | AI score 8 | EPSS 0.01254
Exploits: 1 | References: 7

Cvelist
added 2024/04/04 2:57 p.m., 13 views

CVE-2024-30250 In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists

Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Versions from 1.2.0 to 1.3.1 of Astro-Shield allow bypass to the allow-lists for cross-origin resources by introducing valid integrity attributes to...

CVSS 7.5 | AI score 7.8 | EPSS 0.0031
Exploits: 0 | References: 4

Vulnrichment
added 2024/04/04 2:57 p.m., 11 views

CVE-2024-30250 In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists

Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Versions from 1.2.0 to 1.3.1 of Astro-Shield allow bypass to the allow-lists for cross-origin resources by introducing valid integrity attributes to...

CVSS 7.5 | AI score 7.7 | EPSS 0.0031
Exploits: 0 | References: 4

Openbugbounty
added 2024/04/01 2:04 a.m., 11 views

kunstjobs.de Cross Site Scripting vulnerability OBB-3891533

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Vulnrichment
added 2024/03/29 3:23 p.m., 16 views

CVE-2024-29901 @workos-inc/authkit-nextjs session replay vulnerability

The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the x-workos-session header. The vulnerability is patched in v0.4.2...

CVSS 4.8 | AI score 7.1 | EPSS 0.00659
Exploits: 0 | References: 3

Openbugbounty
added 2024/03/28 10:32 a.m., 11 views

andelshastar.se Cross Site Scripting vulnerability OBB-3890158

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Openbugbounty
added 2024/03/24 7:46 p.m., 8 views

acsapps.wku.edu Cross Site Scripting vulnerability OBB-3884712

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Openbugbounty
added 2024/03/21 4:43 a.m., 5 views

lib.dovu.upol.cz Cross Site Scripting vulnerability OBB-3882245

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Wordfence Blog
added 2024/03/20 3:00 p.m., 20 views

$601 Bounty Awarded for Interesting Cross-Site Request Forgery to Local JS File Inclusion Vulnerability Patched in File Manager WordPress Plugin

🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 15th, 2024, during our second Bug Bounty Extravaganza...

CVSS 6.8 | AI score 7.7 | EPSS 0.10651
Exploits: 0

Openbugbounty
added 2024/03/18 7:13 p.m., 9 views

cartagena.es Cross Site Scripting vulnerability OBB-3876938

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0