5296 matches found
CVE-2022-25752
CVE-2022-25752 relates to Siemens SCALANCE X-300/XR324 series devices where the webserver counts and uses session IDs/nonces insecurely. This design flaw could let an unauthenticated remote attacker brute‑force session IDs and hijack existing sessions, potentially affecting a wide range of SCALAN...
PT-2022-3540 · Siemens · Scalance X310 +14
Name of the Vulnerable Software and Affected Versions: SCALANCE X302-7 EEC 230V; SCALANCE X302-7 EEC 230V, coated; SCALANCE X302-7 EEC 24V; SCALANCE X302-7 EEC 24V, coated; SCALANCE X302-7 EEC 2x 230V; SCALANCE X302-7 EEC 2x 230V, coated; SCALANCE X302-7 EEC 2x 24V; SCALANCE X302-7 EEC 2x 24V, coated...
CVE-2022-24423
Dell iDRAC8 versions prior to 2.83.83.83 contain a denial of service vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to cause resource exhaustion in the webserver, resulting in a denial of service condition...
CVE-2022-22519
A remote, unauthenticated attacker can send specially crafted HTTP or HTTPS requests that cause a buffer over-read, resulting in a crash of the webserver of the CODESYS Control runtime system...
Design/Logic Flaw
A remote, unauthenticated attacker can send specially crafted HTTP or HTTPS requests that cause a buffer over-read, resulting in a crash of the webserver of the CODESYS Control runtime system...
CVE-2022-22519 Special HTTP(S) requests can cause a buffer over-read, crashing the webserver and the runtime system.
A remote, unauthenticated attacker can send specially crafted HTTP or HTTPS requests that cause a buffer over-read, resulting in a crash of the webserver of the CODESYS Control runtime system...
CVE-2022-22519
The CVE-2022-22519 entry describes a remote, unauthenticated attacker able to send crafted HTTP/HTTPS requests that trigger a buffer over-read, crashing the CODESYS Control runtime system webserver. This affects the CODESYS Control runtime/webserver and related components; CVSSv3.1 base score 7.5...
CVE-2021-43430
An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via imwebserver, which could let a malicious user upload PHP Trojan files...
CVE-2021-43205
An exposure of sensitive information to an unauthorized actor vulnerability (CWE-200) in FortiClient for Linux version 7.0.2 and below, 6.4.7 and below, and 6.2.9 and below may allow an unauthenticated attacker to access the confighandler webserver via external binaries...
Xxe
An exposure of sensitive information to an unauthorized actor vulnerability (CWE-200) in FortiClient for Linux version 7.0.2 and below, 6.4.7 and below, and 6.2.9 and below may allow an unauthenticated attacker to access the confighandler webserver via external binaries...
FortiClient (Linux) - external access to confighandler webserver
An exposure of sensitive information to an unauthorized actor vulnerability (CWE-200) in FortiClient for Linux may allow an unauthenticated attacker to access the confighandler webserver via external binaries...
Cross-site Scripting (XSS)
libkiwix.so is vulnerable to cross-site scripting (XSS) attacks. The library does not properly escape the searchURL parameter in the built-in webserver functionality, which allows an attacker to inject and execute malicious code...
CVE-2022-27920
libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0...
DEBIAN-CVE-2022-27920
libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0...