231 matches found

Positive Technologies
added 2023/04/11 12:00 a.m. · 3 views

PT-2023-17382 · Unknown · Answerdev/Answer

Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.8
Description: The issue concerns the exposure of sensitive information through metadata in the answerdev/answer GitHub repository. This exposure can include sensitive data such as EXIF data and GPS...

CVSS 7.7 · AI score 7.7 · EPSS 0.00597
Exploits: 1 · References: 9
Vulnrichment
added 2023/04/11 12:00 a.m. · 5 views

CVE-2023-1974 Exposure of Sensitive Information Through Metadata in answerdev/answer

Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8...

CVSS 7.7 · AI score 6.7 · EPSS 0.00597
Exploits: 1 · References: 2
Cvelist
added 2023/04/11 12:00 a.m. · 19 views

CVE-2023-1974 Exposure of Sensitive Information Through Metadata in answerdev/answer

Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8...

CVSS 7.7 · AI score 6.7 · EPSS 0.00597
Exploits: 1 · References: 2
OSV
added 2023/04/11 12:00 a.m. · 11 views

CVE-2023-1974 Exposure of Sensitive Information Through Metadata in answerdev/answer

Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8...

CVSS 7.7 · AI score 6.9 · EPSS 0.00597
Exploits: 1 · References: 4
CVE
added 2023/04/11 12:00 a.m. · 99 views

CVE-2023-1976

CVE-2023-1976 affects answerdev/answer (open-source knowledge-based community software). The root cause is password reset links not expiring, enabling potential account takeover for versions prior to 1.0.6. Exploitation details are not provided in the documents; impact is described as account tak...

CVSS 8.8 · AI score 6.4 · EPSS 0.00607
Exploits: 1 · References: 2 · Affected Software: 1
CVE
added 2023/04/11 12:00 a.m. · 120 views

CVE-2023-1975

The CVE-2023-1975 entry refers to an information-disclosure flaw in the open-source project answerdev/answer prior to version 1.0.8, where EXIF geolocation data is not stripped from user-uploaded logos. Multiple connected sources (CNVD/CNNVD, GHSA, OSV, NVD, CVE listings) corroborate that an atta...

CVSS 7.6 · AI score 6.5 · EPSS 0.00586
Exploits: 1 · References: 2 · Affected Software: 1
Packet Storm
added 2023/04/06 12:00 a.m. · 213 views

Answerdev 1.0.3 Account Takeover

Exploit Title: Answerdev 1.0.3 - Account Takeover
Date: Reported on Jan 24th 2023
Exploit Author: Eduardo Pérez-Malumbres Cervera @blueudp
Vendor Homepage: https://answer.dev/
Software Link: https://github.com/answerdev/answer
Version: 1.0.3
Tested on: Ubuntu 22.04 / Debian 11
CVE : CVE-2023-0744...

CVSS 9.8 · AI score 9.4 · EPSS 0.06368
Exploits: 4
Exploit DB
added 2023/04/05 12:00 a.m. · 161 views

Answerdev 1.0.3 - Account Takeover

Exploit Title: Answerdev 1.0.3 - Account Takeover
Date: Reported on Jan 24th 2023
Exploit Author: Eduardo Pérez-Malumbres Cervera @blueudp
Vendor Homepage: https://answer.dev/
Software Link: https://github.com/answerdev/answer
Version: 1.0.3
Tested on: Ubuntu 22.04 / Debian 11
CVE : CVE-2023-0744...

CVSS 9.8 · AI score 9.6 · EPSS 0.06368
Exploits: 4
0day.today
added 2023/04/05 12:00 a.m. · 183 views

Answerdev 1.0.3 - Account Takeover Exploit

Exploit Title: Answerdev 1.0.3 - Account Takeover
Exploit Author: Eduardo Pérez-Malumbres Cervera @blueudp
Vendor Homepage: https://answer.dev/
Software Link: https://github.com/answerdev/answer
Version: 1.0.3
Tested on: Ubuntu 22.04 / Debian 11
CVE : CVE-2023-0744
from sys import argv import...

CVSS 9.8 · AI score 9.6 · EPSS 0.06368
Exploits: 4
GitHub Security Blog
added 2023/03/21 6:30 a.m. · 25 views

Answer vulnerable to Stored Cross-site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7...

CVSS 8.3 · AI score 5.2 · EPSS 0.00536
Exploits: 1 · References: 4 · Affected Software: 1
NVD
added 2023/03/21 5:15 a.m. · 10 views

CVE-2023-1543

Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6...

CVSS 8.8 · AI score 7.6 · EPSS 0.00775
Exploits: 1 · References: 2
NVD
added 2023/03/21 5:15 a.m. · 19 views

CVE-2023-1542

Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6...

CVSS 8.1 · AI score 5.9 · EPSS 0.0075
Exploits: 1 · References: 2
NVD
added 2023/03/21 5:15 a.m. · 10 views

CVE-2023-1540

Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6...

CVSS 5.3 · AI score 5.2 · EPSS 0.00639
Exploits: 1 · References: 2
NVD
added 2023/03/21 5:15 a.m. · 38 views

CVE-2023-1535

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7...

CVSS 8.3 · AI score 5.6 · EPSS 0.00536
Exploits: 1 · References: 2
Prion
added 2023/03/21 5:15 a.m. · 14 views

Session fixation

Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6...

CVSS 5.4 · AI score 8.7 · EPSS 0.00775
Exploits: 1 · References: 2 · Affected Software: 1
Vulnrichment
added 2023/03/21 12:00 a.m. · 8 views

CVE-2023-1540 Observable Response Discrepancy in answerdev/answer

Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6...

CVSS 5.3 · AI score 5.3 · EPSS 0.00639
Exploits: 1 · References: 2
Vulnrichment
added 2023/03/21 12:00 a.m. · 6 views

CVE-2023-1537 Authentication Bypass by Capture-replay in answerdev/answer

Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6...

CVSS 5.3 · AI score 9.6 · EPSS 0.00837
Exploits: 1 · References: 2
Positive Technologies
added 2023/03/21 12:00 a.m. · 2 views

PT-2023-17056 · Answerdev · Answer

Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.7
Description: The issue is related to Stored Cross-site Scripting (XSS) in the GitHub repository answerdev/answer. This type of attack allows an attacker to inject malicious scripts into a website, which...

CVSS 8.3 · AI score 7.7 · EPSS 0.00536
Exploits: 1 · References: 8
Vulnrichment
added 2023/03/21 12:00 a.m. · 7 views

CVE-2023-1539 Improper Restriction of Excessive Authentication Attempts in answerdev/answer

Improper Restriction of Excessive Authentication Attempts in GitHub repository answerdev/answer prior to 1.0.6...

CVSS 5.3 · AI score 5.3 · EPSS 0.00614
Exploits: 1 · References: 2
Vulnrichment
added 2023/03/21 12:00 a.m. · 6 views

CVE-2023-1543 Insufficient Session Expiration in answerdev/answer

Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6...

CVSS 6.8 · AI score 8.7 · EPSS 0.00775
Exploits: 1 · References: 2