CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5317 matches found

OSV•added 2023/05/08 8:15 a.m.•2 views

CVE-2023-2534

Improper Authorization vulnerability in OTRS AG OTRS 8 Websocket API backend allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via ticket histories by any user. Fuzzing for...

8.1CVSS7.3AI score0.00526EPSS

Exploits0References1

Prion•added 2023/05/08 8:15 a.m.•27 views

Authorization

5.5CVSS8AI score0.00526EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2023/05/08 7:29 a.m.•10 views

CVE-2023-2534 Information disclouse and DoS via websocket push events

7.6CVSS8.2AI score0.00526EPSS

Exploits0References1

CVE•added 2023/05/08 7:29 a.m.•45 views

CVE-2023-2534

CVE-2023-2534 affects OTRS 8 (Websocket API backend). The issue allows an authenticated Agent to track user behavior and gain live insight into overall system usage, with possible correlation of user IDs to real names via ticket histories. The vulnerability is associated with the Websocket push e...

8.1CVSS7.9AI score0.00526EPSS

Exploits0References1Affected Software1

Exploit DB•added 2023/05/02 12:0 a.m.•283 views

Serendipity 2.4.0 - File Inclusion RCE

Exploit Title: Serendipity 2.4.0 - File Inclusion RCE Author: nu11secur1ty Date: 04.26.2023 Vendor: https://docs.s9y.org/index.html Software: https://github.com/s9y/Serendipity/releases/tag/2.4.0 Reference: https://portswigger.net/web-security/file-upload Reference:...

7.4AI score

Exploits0

NVD•added 2023/04/28 4:15 p.m.•25 views

CVE-2023-30856

eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The projec...

10CVSS9.1AI score0.00348EPSS

Exploits1References3

Prion•added 2023/04/28 4:15 p.m.•112 views

Cross site scripting

7.5CVSS9.3AI score0.00348EPSS

Exploits1References3Affected Software1

CVE•added 2023/04/28 3:54 p.m.•91 views

CVE-2023-30856

eDEX-UI (versions ≤2.2.8) is affected by CVE-2023-30856 due to cross-site WebSocket hijacking that enables remote command execution. Root cause: lack of origin validation in the internal WebSocket server. Vulnerable code location: edex-ui/src/classes/terminal.class.js:458. A community patch propo...

10CVSS9.3AI score0.00348EPSS

Exploits1References3Affected Software1

Cvelist•added 2023/04/28 3:54 p.m.•33 views

CVE-2023-30856 eDEX-UI cross-site websocket hijacking vulnerability enables remote command execution

8.3CVSS9.8AI score0.00348EPSS

Exploits1References3

OSV•added 2023/04/28 3:54 p.m.•27 views

CVE-2023-30856 eDEX-UI cross-site websocket hijacking vulnerability enables remote command execution

8.3CVSS8.6AI score0.00348EPSS

Exploits1References5

Vulnrichment•added 2023/04/28 3:54 p.m.•7 views

CVE-2023-30856 eDEX-UI cross-site websocket hijacking vulnerability enables remote command execution

8.3CVSS9.6AI score0.00348EPSS

Exploits1References3

Positive Technologies•added 2023/04/28 12:0 a.m.•4 views

PT-2023-23012

Name of the Vulnerable Software and Affected Versions eDEX-UI versions 2.2.8 and prior Description eDEX-UI is a science fiction terminal emulator that is vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal...

10CVSS5AI score0.00348EPSS

Exploits1References11

CNNVD•added 2023/04/28 12:0 a.m.•3 views

eDEX-UI 访问控制错误漏洞

eDEX-UI is a full-screen, cross-platform terminal emulator and system monitor from the individual developer Gabriel Saillard in France. A security vulnerability exists in eDEX-UI version 2.2.8 and prior versions, which stems from vulnerability to cross-site web hijacking, where a malicious websit...

10CVSS8.4AI score0.00348EPSS

Exploits1References4

Veracode•added 2023/04/26 2:52 a.m.•31 views

Information Disclosure

github.com/mattermost/mattermost-server is vulnerable to Information Disclosure. The vulnerability exists because the library fails to sanitize the related WebSocket event sent to currently connected clients, which allows an attacker to see the name, display name, description, and other data when...

4.3CVSS5AI score0.00475EPSS

Exploits0References4Affected Software1

RedhatCVE•added 2023/04/25 6:24 p.m.•29 views

CVE-2023-2281

When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team...

4.3CVSS4.5AI score0.00475EPSS

Exploits0References3

NVD•added 2023/04/25 2:15 p.m.•19 views

CVE-2023-2281

4.3CVSS4AI score0.00475EPSS

Exploits0References1

OSV•added 2023/04/25 2:15 p.m.•12 views

CVE-2023-2281

4.3CVSS4.8AI score

Exploits0References1

Prion•added 2023/04/25 2:15 p.m.•25 views

Sql injection

4CVSS4.5AI score0.00475EPSS

Exploits0References1Affected Software1

CVE•added 2023/04/25 1:4 p.m.•67 views

CVE-2023-2281

CVE-2023-2281 describes an information-disclosure bug in Mattermost Server: when archiving a team, the related WebSocket event is not sanitized, allowing currently connected clients to see sensitive data such as the team’s name, display name, description, and other archived-team data. The connect...

4.3CVSS4.2AI score0.00475EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2023/04/25 1:4 p.m.•9 views

CVE-2023-2281 Archiving a team broadcasts unsanitized data over WebSockets

3.1CVSS6.6AI score0.00475EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by