6612 matches found

OSSF Malicious Packages
added 2022/12/19 1:57 a.m. · 2 views

Malicious code in eg-auth-ui-localization (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 437e53aa9aa9cbd8bae160de3b5b28fa886c8552f617e61fbe93c938c4e2029c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 · References: 1
Tenable Nessus
added 2022/12/18 12:00 a.m. · 29 views

GLSA-202212-05 : Mozilla Network Security Service (NSS): Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202212-05 Mozilla Network Security Service NSS: Multiple Vulnerabilities - NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures...

CVSS: 9.8 · AI score: 8 · EPSS: 0.17563
Exploits: 1 · References: 8
vulnersOsv
added 2022/12/16 9:30 p.m. · 6 views

ai.foxpay.api:foxpay-sdk (>=1.0 <=1.1), ai.genauth:genauth-java-sdk (=3.1.11) +1490 more potentially affected by CVE-2022-4565 via cn.hutool:hutool-core (>=4.0.0 <=5.8.10)

cn.hutool:hutool-core MAVEN version =4.0.0, =1.0, =j8.2.2.0, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR4, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =j8.2.2.0, =j8.2.2.0, =1.0.2, =1.0.4.R, =1.0.6.R and more Source cves: CVE-2022-4565 Source advisory: OSV:GHSA-47VX-FQR5-J2GW...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.00897
Exploits: 1
Positive Technologies
added 2022/12/15 12:00 a.m. · 4 views

PT-2022-26184 · Unknown · Bigbluebutton

Name of the Vulnerable Software and Affected Versions: BigBlueButton versions prior to 2.4.3 Description: The issue is related to Insufficient Verification of Data Authenticity, resulting in Denial of Service. An attacker can make a Meteor call to validateAuthToken using a victim's userId,...

CVSS: 4.3 · AI score: 4.4 · EPSS: 0.00361
Exploits: 0 · References: 8
NVD
added 2022/12/14 9:15 p.m. · 31 views

CVE-2022-38488

logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter...

CVSS: 9.8 · EPSS: 0.14132
Exploits: 1 · References: 5
OSV
added 2022/12/14 9:15 p.m. · 7 views

CVE-2022-38488

logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter...

CVSS: 9.8 · AI score: 5.8 · EPSS: 0.14132
Exploits: 1 · References: 5
Prion
added 2022/12/14 9:15 p.m. · 23 views

Sql injection

logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter...

CVSS: 7.5 · AI score: 9.8 · EPSS: 0.14132
Exploits: 1 · References: 5 · Affected Software: 1
Vulnrichment
added 2022/12/14 5:22 p.m. · 4 views

CVE-2022-23527 Open Redirect in oidc_validate_redirect_url()

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url does not properly check fo...

CVSS: 4.7 · AI score: 7 · EPSS: 0.00905
Exploits: 0 · References: 3
Cvelist
added 2022/12/14 12:00 a.m. · 35 views

CVE-2022-38488

logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter...

AI score: 10 · EPSS: 0.14132
Exploits: 1 · References: 5
hivepro
added 2022/12/13 11:11 a.m. · 55 views

Active exploitation of the Fortinet pre-auth RCE vulnerability

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Fortinet has addressed a critical security flaw in its FortiOS SSL-VPN product, which is being actively exploited in the wild. The heap-based buffer overflow bug in FortiOS sslvpnd is listed as...

AI score: 2 · EPSS: 0.99474
Exploits: 11
CVE
added 2022/12/12 9:48 p.m. · 80 views

CVE-2022-41263

CVE-2022-41263 affects SAP BusinessObjects Business Intelligence Platform (Web Intelligence) v4.2/v4.3 (420, 430). Root cause: missing authentication check allows an authenticated non-administrator to modify data source information for a restricted document, yielding a limited integrity impact. N...

CVSS: 4.3 · AI score: 4.5 · EPSS: 0.0021
Exploits: 0 · References: 2 · Affected Software: 1
Packet Storm
added 2022/12/12 12:00 a.m. · 200 views

Judging Management System 1.0 Shell Upload

Exploit Title: Judging Management System v1.0 - Remote Code Execution RCE Date: 12/11/2022 Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.ht...

AI score: 7.4
Exploits: 0
Positive Technologies
added 2022/12/12 12:00 a.m. · 3 views

PT-2022-25157 · WordPress · Dpd Baltic Shipping

Name of the Vulnerable Software and Affected Versions: DPD Baltic Shipping WordPress plugin versions prior to 1.2.57 Description: The issue concerns a lack of authorisation and CSRF protection in an AJAX action. This could allow any authenticated user to delete arbitrary options from the blog,...

CVSS: 8.1 · AI score: 7.9 · EPSS: 0.00424
Exploits: 2 · References: 3
GithubExploit
added 2022/12/09 11:29 a.m. · 315 views

Exploit for CVE-2022-36537

CVE-2022-36537 Summary R1Soft Server Backup Manager uses t...

CVSS: 7.5 · AI score: 8.2 · EPSS: 0.95335
Exploits: 5
GithubExploit
added 2022/12/08 1:52 a.m. · 11 views

Exploit for Incorrect Authorization in Cacti

CVE-2022-46169 CVE-2022-46169 Cacti remote_agent.php Unauthen...

CVSS: 9.8 · AI score: 7.9 · EPSS: 0.99826
Exploits: 48
Positive Technologies
added 2022/12/08 12:00 a.m. · 4 views

PT-2022-35984 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.10 Description: A memory leak was discovered in the nvmet_auth_set_key function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...

AI score: 7.2
Exploits: 0 · References: 1
Cvelist
added 2022/12/06 9:53 p.m. · 24 views

CVE-2022-45829 WordPress Easy WP SMTP Plugin <= 1.5.1 is vulnerable to Arbitrary File Deletion

Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 at WordPress...

CVSS: 8.7 · AI score: 9.2 · EPSS: 0.00839
Exploits: 0 · References: 1
CVE
added 2022/12/06 9:53 p.m. · 63 views

CVE-2022-45829

CVE-2022-45829 affects the WordPress Easy WP SMTP plugin, specifically versions <= 1.5.1. The vulnerability is an authenticated path traversal in the plugin, allowing traversal to sensitive files. Several sources also note potential arbitrary file deletion as part of the impact for affected ve...

CVSS: 8.7 · AI score: 7.8 · EPSS: 0.00839
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2022/12/06 9:44 p.m. · 66 views

CVE-2022-45833

CVE-2022-45833 is an authenticated path traversal vulnerability in WordPress Easy WP SMTP plugin versions ≤ 1.5.1. The issue, documented across multiple sources, allows traversal of directories in affected installations; exact exploit details are not provided in the initial/dependent documents. R...

CVSS: 6.8 · AI score: 6.8 · EPSS: 0.0077
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2022/12/06 9:32 p.m. · 317 views

CVE-2022-45816

CVE-2022-45816 affects the WordPress plugin GD bbPress Attachments (versions ≤ 4.3.1). The vulnerability is an Authenticated Stored Cross-Site Scripting (XSS) flaw caused by insufficient sanitization/escaping of settings, enabling elevated-privilege users (e.g., admins) to inject XSS. Public refe...

CVSS: 5.4 · AI score: 5 · EPSS: 0.00418
Exploits: 0 · References: 1 · Affected Software: 1