268 matches found
Concrete5 CME v9.1.3 - Xpath injection
Exploit Title: Concrete5 CME v9.1.3 - Xpath injection Author: nu11secur1ty Date: 11.28.2022 Vendor: https://www.concretecms.org/ Software: https://www.concretecms.org/download Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3...
CVE-2023-26261
In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15...
Design/Logic Flaw
In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15...
UBIKA WAAP Gateway/Cloud Injection Vulnerability
UBIKA WAAP Gateway/Cloud is a UBIKA solution for managing application security at the enterprise level. A security vulnerability exists in UBIKA WAAP Gateway/Cloud versions 6.10 and earlier, which stems from the presence of XPath injection, and can be exploited by an attacker to cause an...
CVE-2023-26261
Summary: CVE-2023-26261 affects Ubika WAAP Gateway/Cloud (up to v6.10). It describes a blind XPath injection that enables authentication bypass by stealing another user’s session. Impact: enables unauthorized session hijacking with high impact on confidentiality, integrity, and availability as pe...
Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks
Withdrawn: This advisory has been withdrawn because it has been found not to be a security issue and withdrawn by its CNA. Please see the message from NVD here for more information. This link is maintained to preserve external references. Original Description: ConcreteCMS v9.1.3 was discovered to b...
GHSA-7VX2-5349-QJ99 Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks
Withdrawn: This advisory has been withdrawn because it has been found not to be a security issue and withdrawn by its CNA. Please see the message from NVD here for more information. This link is maintained to preserve external references. Original Description: ConcreteCMS v9.1.3 was discovered to b...
Concrete CMS 9.1.3 XPATH Injection
Title: concretecms-9.1.3 Xpath injection Author: nu11secur1ty Date: 11.28.2022 Vendor: https://www.concretecms.org/ Software: https://www.concretecms.org/download Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3 Description: The...
stacks.hpcf.upr.edu Cross Site Scripting vulnerability OBB-3035104
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
High-Severity Flaws in Juniper Junos OS Affect Enterprise Networking Devices
Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices, some of which could be exploited to achieve code execution. Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web...
CVE-2022-22243
An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to add an XPath command to the XPath stream, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of...
CVE-2022-22244
An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker sending a crafted POST to reach the XPath channel, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. This issue affect...
Design/Logic Flaw
An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker sending a crafted POST to reach the XPath channel, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. This issue affect...
Input validation
An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to add an XPath command to the XPath stream, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of...
CVE-2022-22244
CVE-2022-22244 affects Juniper Networks Junos OS in the J-Web component. An unauthenticated attacker can send a crafted POST to reach the XPath channel, potentially chaining to other vulnerabilities and causing a partial loss of confidentiality. Affected Junos OS versions range broadly from befor...
CVE-2022-22244 Junos OS: Unauthenticated XPath Injection vulnerability in J-Web
An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker sending a crafted POST to reach the XPath channel, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. This issue affect...