444 matches found
CVE-2024-40720 CHANGING Information Technology TCBServiSign Windows Version - Improper Input Validation
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the HKEY_CURRENT_USER registry to execute arbitrary commands...
CVE-2024-40719 CHANGING Information Technology TCBServiSign Windows Version - Inadequate Encryption Strength
The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign Windows Version is insufficient. When a remote attacker tricks a victim into visiting a malicious website, TCBServiSign will treat that website as a legitimate server and interact with it...
Changing TCBServiSign Security Vulnerability
Changing TCBServiSign is a cross-platform security control component from Changing, China. A security vulnerability exists in Changing TCBServiSign versions prior to 1.0.24.0318, which stems from a specific API that does not correctly validate the length of server-side inputs, and allows an...
Changing TCBServiSign Encryption Issue Vulnerability
Changing TCBServiSign is a cross-platform security control component from China-based Changing. An encryption issue vulnerability exists in versions prior to Changing TCBServiSign 1.0.24.0318, which stems from insufficient encryption strength of the authorization key, and can be exploited by a...
Changing TCBServiSign Input Validation Error Vulnerability
Changing TCBServiSign is a cross-platform security control component from Changing, China. An input validation error vulnerability exists in versions prior to Changing TCBServiSign 1.0.24.0318. The vulnerability stems from a specific API that does not properly validate server-side input, allowing...
Changing TCBServiSign Input Validation Error Vulnerability
Changing TCBServiSign is a cross-platform security control component from Changing, China. An input validation error vulnerability exists in versions prior to Changing TCBServiSign 1.0.24.0318. The vulnerability stems from a specific API that does not properly validate server-side input, which...
CVE-2024-3083
A “CWE-352: Cross-Site Request Forgery (CSRF)” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page...
CVE-2024-3083
CVE-2024-3083 corresponds to a CSRF vulnerability in Plug&Track Sensor Net Connect (V2). Affected component: Plug&Track Sensor Net Connect V2, version 2.24. Root cause: cross-site request forgery that can enable remote attackers to perform state-changing operations with administrative privileges ...
SurrealDB vulnerable to Improper Authentication when Changing Databases as Scope User
Authentication would not be properly validated when an already authenticated scope user would use the use method or USE clause to switch working databases in a session. If there was a user record in the new database with the same record identifier as the original record that the user authenticat...
PT-2024-37618 · Mesbook · Mesbook
Name of the Vulnerable Software and Affected Versions: MESbook version 20221021.03 Description: The issue is an information exposure vulnerability that could allow a local attacker with user privileges to access different resources by changing the API value of the application. Recommendations: Fo...
CVE-2024-3123 CHANGING Mobile One Time Password - Arbitrary File Upload
CHANGING Mobile One Time Password's uploading function in a hidden page does not filter file type properly. Remote attackers with administrator privilege can exploit this vulnerability to upload and run a malicious file to execute system commands...
CVE-2024-3122 CHANGING Mobile One Time Password - Arbitrary File Reading
CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary files on the system...
PT-2024-23870 · Unknown · Changing Mobile One Time Password
Name of the Vulnerable Software and Affected Versions: CHANGING Mobile One Time Password affected versions not specified Description: The issue concerns a lack of proper file type filtering in the uploading function of a hidden page within CHANGING Mobile One Time Password. This allows remote...
CHANGING Mobile One Time Password Code Issue Vulnerability
CHANGING Mobile One Time Password is a password management application from the Chinese company CHANGING Mobile. It is used to set one-time passwords for authentication or transactions. A code issue vulnerability exists in CHANGING Mobile One Time Password, which stems from the upload function on...
CHANGING Mobile One Time Password Security Vulnerability
CHANGING Mobile One Time Password is a password management application from CHANGING Mobile, China. It is used to set one-time passwords for authentication or transactions. A security vulnerability exists in CHANGING Mobile One Time Password, which originates from an inability to properly filter...
XWiki Platform Code Injection Vulnerability
XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions prior to 14.10.21, 15.5.5, 15.10.6, and 16.0.0, which stems from the fact that disabling a user account changes its author,...