CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

67 matches found

Kitploit•added 2023/08/12 12:30 p.m.•28 views

Columbus-Server - API first subdomain discovery service, blazingly fast subdomain enumeration service with advanced features

Columbus Project is an API first subdomain discovery service, blazingly fast subdomain enumeration service with advanced features. Columbus returned 638subdomains of tesla.com in 0.231 sec. Usage By default Columbus returns only the subdomains in a JSON string array: curl...

7.2AI score

Exploits0References1

OSV•added 2023/05/05 12:30 a.m.•15 views

GHSA-Q63Q-HWF6-3MW6 ONOS vulnerable to Cross-site Scripting

A cross-site scripting XSS vulnerability in Open Network Operating System ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the authorizationURL parameter of the API documentation dashboard under securityDefinitions...

6.1CVSS5.8AI score0.00234EPSS

Exploits1References4

NVD•added 2023/05/04 10:15 p.m.•13 views

CVE-2023-30093

A cross-site scripting XSS vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...

6.1CVSS5.9AI score0.00234EPSS

Exploits1References2

OSV•added 2023/05/04 10:15 p.m.•32 views

CVE-2023-30093

6.1CVSS5.9AI score0.00234EPSS

Exploits1References2

Prion•added 2023/05/04 10:15 p.m.•22 views

Cross site scripting

5.8CVSS5.9AI score0.00234EPSS

Exploits1References2Affected Software1

CVE•added 2023/05/04 12:0 a.m.•57 views

CVE-2023-30093

CVE-2023-30093 is a cross-site scripting (XSS) vulnerability affecting Open Networking Foundation ONOS, from version v1.9.0 through v2.7.0. The issue enables execution of arbitrary web scripts/HTML via a crafted payload injected into the url parameter of the API documentation dashboard. The provi...

6.1CVSS5.8AI score0.00234EPSS

Exploits1References2Affected Software1

Cvelist•added 2023/05/04 12:0 a.m.•15 views

CVE-2023-30093

6AI score0.00234EPSS

Exploits1References2

Vulnrichment•added 2023/05/04 12:0 a.m.•8 views

CVE-2023-30093

5.9AI score0.00234EPSS

Exploits1References2

Github Security Blog•added 2023/03/31 9:30 p.m.•25 views

jeecg-boot vulnerable to improper authentication

A vulnerability was found in jeecg-boot 3.5.0 that affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication because the software does not prove or insufficiently proves that an identity claim is correct when an actor claims to have a...

9.8CVSS9.1AI score0.00302EPSS

Exploits0References5Affected Software1

OSV•added 2023/03/31 9:30 p.m.•15 views

GHSA-6RFV-H5V8-CJ7G jeecg-boot vulnerable to improper authentication

9.8CVSS7.4AI score0.00302EPSS

Exploits0References5

OSV•added 2023/03/31 8:15 p.m.•14 views

CVE-2023-1784

A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...

9.8CVSS9.8AI score

Exploits0References3

Prion•added 2023/03/31 8:15 p.m.•12 views

Authentication flaw

5CVSS9.5AI score0.00302EPSS

Exploits0References3Affected Software1

CVE•added 2023/03/31 8:0 p.m.•57 views

CVE-2023-1784

CVE-2023-1784 (jeecg-boot 3.5.0) is described across multiple connected sources as a critical issue involving improper authentication in the API Documentation processing. The root cause is not fully detailed in the provided documents, but the vulnerability enables remote exploitation and is assoc...

9.8CVSS7.5AI score0.00302EPSS

Exploits0References3Affected Software1

Cvelist•added 2023/03/31 8:0 p.m.•15 views

CVE-2023-1784 jeecg-boot API Documentation improper authentication

5.3CVSS9.9AI score0.00302EPSS

Exploits0References3

Prion•added 2023/03/14 1:15 a.m.•13 views

Cross site scripting

5.8CVSS5.9AI score0.00426EPSS

Exploits1References3Affected Software1

Cvelist•added 2023/03/14 12:0 a.m.•15 views

CVE-2023-24279

6AI score0.00426EPSS

Exploits1References3

IBM Security Bulletins•added 2022/09/25 9:6 p.m.•51 views

Security Bulletin: IBM WebSphere Process Server Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)

Abstract Java™ API Documentation contains a frame injection vulnerability. Content VULNERABILITY DETAILS: CVEID: CVE-2013-1571 DESCRIPTION: HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the...

4.3CVSS7.4AI score0.26602EPSS

Exploits1Affected Software6

IBM Security Bulletins•added 2022/09/25 9:6 p.m.•17 views

Security Bulletin: IBM WebSphere Business Services Fabric Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)

4.3CVSS7.4AI score0.26602EPSS

Exploits1Affected Software1

Packet Storm•added 2022/05/09 12:0 a.m.•599 views

F5 BIG-IP Remote Code Execution

F5 BIG-IP RCE exploitation CVE-2022-1388 POST 1: POST /mgmt/tm/util/bash HTTP/1.1 Host: :8443 Authorization: Basic YWRtaW46 Connection: keep-alive, X-F5-Auth-Token X-F5-Auth-Token: 0 "command": "run" , "utilCmdArgs": " -c 'id' " curl commandliner: $ curl -i -s -k -X $'POST' -H $'Host: :8443' -H...

9.8CVSS10AI score0.94456EPSS

Exploits63

Github Security Blog•added 2022/05/04 12:0 a.m.•31 views

Insecure password handling vulnerability in Strapi

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request. From this, the attacker can get the victim's cookie, base64 decode it, and obtain a cleartext password, leading to...

7.5CVSS2.2AI score0.03089EPSS

Exploits3References6Affected Software2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by