CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

501 matches found

PMB 7.4.6 - Cross-Site Scripting

PMB 7.4.6 contains a cross-site scripting vulnerability via the query parameter at /admin/convert/exportz3950new.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authenticatio...

6.1CVSS6.4AI score0.14924EPSS

Exploits1References3

Nuclei•added 2 days ago•223 views

ManageEngine Desktop Central Java Deserialization

Zoho ManageEngine Desktop Central before 10.0.474 is vulnerable to a deserialization of untrusted data, which permits remote code execution. id: CVE-2020-10189 info: name: ManageEngine Desktop Central Java Deserialization author: king-alexander severity: critical description: | Zoho ManageEngine...

10CVSS7.8AI score0.94248EPSS

Exploits6References5

Nuclei•added 3 days ago•71 views

Joomla! Component PrayerCenter 3.0.2 - SQL Injection

SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429. id: CVE-2018-7314 info: name: Joomla! Component PrayerCenter 3.0.2 - SQL Injection author: DhiyaneshDK severity: critical description: | SQL Injection...

9.8CVSS7.4AI score0.90805EPSS

Exploits6References4

OpenVAS•added 2024/12/02 12:0 a.m.•10 views

Debian: Security Advisory (DLA-3976-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS7.1AI score0.00311EPSS

Exploits0References2

OpenVAS•added 2024/11/21 12:0 a.m.•8 views

openSUSE Security Advisory (SUSE-SU-2024:4035-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS7.7AI score0.00127EPSS

Exploits0References4

OpenVAS•added 2024/11/13 12:0 a.m.•14 views

Fedora: Security Advisory (FEDORA-2024-011c4d53e5)

8.8CVSS8.8AI score0.00839EPSS

Exploits0References7

OpenVAS•added 2024/11/05 12:0 a.m.•19 views

Ubuntu: Security Advisory (USN-7088-2)

8.4CVSS8.6AI score0.00495EPSS

Exploits6References2

OpenVAS•added 2024/10/21 12:0 a.m.•17 views

Fedora: Security Advisory (FEDORA-2024-2ba00c906c)

5.3CVSS5.7AI score0.00163EPSS

Exploits0References6

OpenVAS•added 2024/10/17 12:0 a.m.•12 views

openSUSE: Security Advisory for the Linux Kernel (Live Patch 13 for SLE 15 SP5) (SUSE-SU-2024:3701-1)

7.8CVSS8.4AI score0.0072EPSS

Exploits1References2

OpenVAS•added 2024/10/16 12:0 a.m.•17 views

openSUSE: Security Advisory for the Linux Kernel RT (Live Patch 16 for SLE 15 SP5) (SUSE-SU-2024:3636-1)

7.8CVSS7.7AI score0.00016EPSS

Exploits0References2

CVE•added 2024/10/15 7:53 p.m.•41 views

CVE-2024-21278

CVE-2024-21278 affects Oracle E-Business Suite’s Contract Lifecycle Management for Public Sector (Award Processes). Affected versions are 12.2.3–12.2.13. The vulnerability allows a low-privilege, network-accessible attacker (via HTTP) to impersonate legitimate operations, potentially leading to u...

8.1CVSS7.8AI score0.00831EPSS

Exploits0References1Affected Software1

OpenVAS•added 2024/09/25 12:0 a.m.•16 views

SUSE: Security Advisory (SUSE-SU-2024:3418-1)

8.7CVSS7.8AI score0.03014EPSS

Exploits3References6

OpenVAS•added 2024/09/20 12:0 a.m.•18 views

Fedora: Security Advisory (FEDORA-2024-7db9258d37)

9.8CVSS7.4AI score0.03014EPSS

Exploits5References40

OpenVAS•added 2024/09/17 12:0 a.m.•12 views

Fedora: Security Advisory (FEDORA-2024-e6b5e38ae6)

6.8CVSS5.5AI score0.00071EPSS

Exploits0References4

OpenVAS•added 2024/09/16 12:0 a.m.•23 views

Fedora: Security Advisory (FEDORA-2024-1d0cb3b43f)

8.7CVSS7.2AI score0.03014EPSS

Exploits4References13

Tenable Nessus•added 2024/09/13 12:0 a.m.•30 views

Security Updates for Microsoft Office Online Server (September 2024)

The Microsoft Office Web Apps installation on the remote host is missing a security update. It is, therefore, affected by the following: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. CVE-2024-43465 Note that Nessus has not tested for this iss...

7.8CVSS5.6AI score0.00684EPSS

Exploits0References2

Tenable Nessus•added 2024/09/02 12:0 a.m.•6 views

Emerson Ovation Insufficient Verification of Data Authenticity (CVE-2022-30267)

The affected product was found to have no authentication of firmware signing and relies on an insecure checksum for integrity. This could allow an attacker to push malicious firmware images, cause a denial-of-service condition, or achieve remote code execution. This plugin only works with...

6AI score

Exploits0References2

OpenVAS•added 2024/08/24 12:0 a.m.•19 views

openSUSE Security Advisory (openSUSE-SU-2024:0258-1)

9.6CVSS7.9AI score0.24226EPSS

Exploits4References6

OpenVAS•added 2024/08/06 12:0 a.m.•13 views

Fedora: Security Advisory (FEDORA-2024-d638b9a34c)

9.8CVSS7.6AI score0.00209EPSS

Exploits0References7

OpenVAS•added 2024/07/10 12:0 a.m.•11 views

openSUSE Security Advisory (SUSE-SU-2024:2320-1)