4057 matches found

NVD
added 2022/12/13 4:15 p.m. · 15 views

CVE-2022-20474

In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

7.8 CVSS · 0.00321 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2022/12/13 12:0 a.m. · 2 views

PT-2022-14692 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-13 Description: In the readLazyValue function of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation...

7.8 CVSS · 7.7 AI score · 0.00321 EPSS
Exploits: 1 · References: 7

Microsoft Malware Protection
added 2022/06/30 2:0 p.m. · 18 views

Toll fraud malware: How an Android application can drain your wallet

Toll fraud malware, a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent, is one of the most prevalent types of Android malware – and it continues to evolve. Compared to other subcategories of billing fraud, which...

6.8 AI score
Exploits: 0

Microsoft Secure
added 2022/06/30 2:0 p.m. · 25 views

Toll fraud malware: How an Android application can drain your wallet

Toll fraud malware, a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent, is one of the most prevalent types of Android malware – and it continues to evolve. Compared to other subcategories of billing fraud, which...

6.8 AI score
Exploits: 0

The Hacker News
added 2022/06/28 11:0 a.m. · 23 views

Overview of Top Mobile Security Threats in 2022

Your smartphone is your daily companion. The chances are that most of our activities rely on them, from ordering food to booking medical appointments. However, the threat landscape always reminds us how vulnerable smartphones can be. Consider the recent discovery by Oversecured, a security startu...

7.4 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2022/04/05 12:57 p.m. · 234 views

Deep Panda deploys new rootkit “Fire Chili” by exploiting Log4shell in VMware horizon

THREAT LEVEL: Red For a detailed advisory, download the pdf file here Deep Panda, a Chinese APT group, took advantage of the well-known Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor, rootkit, and steal sensitive data. This threat actor is primarily targeting firms in the...

9.3 CVSS · 0.3 AI score · 0.94358 EPSS
Exploits: 341

OSV
added 2022/02/19 5:15 p.m. · 2 views

DEBIAN-CVE-2016-1239

duck before 0.10 did not properly handle loading of untrusted code from the current directory...

9.8 CVSS · 8.6 AI score · 0.00611 EPSS
Exploits: 0 · References: 1

CVE
added 2022/02/19 5:5 p.m. · 57 views

CVE-2016-1239

CVE-2016-1239 concerns the Duck interpreter prior to 0.10, where loading of untrusted code from the current directory is mishandled. The vulnerability allows an attacker to influence code loaded from the working directory, with the NVD metrics indicating a high-severity impact (CVSS v3.1: CRITICA...

9.8 CVSS · 9.5 AI score · 0.00611 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CNVD
added 2020/07/29 12:0 a.m. · 1 views

Python has an unspecified vulnerability

Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python version 3.8.4, which stems from the program's failure to enforc...

9.8 CVSS · 9.4 AI score · 0.00617 EPSS
Exploits: 0 · References: 1

Cvelist
added 2020/07/17 2:15 a.m. · 24 views

CVE-2020-15801

In Python 3.8.4, sys.path restrictions specified in a python38.pth file are ignored, allowing code to be loaded from arbitrary locations. The .pth file e.g., the python.pth file is not affected...

9.4 AI score · 0.00617 EPSS
Exploits: 0 · References: 3

OSV
added 2020/07/15 1:15 p.m. · 1 views

CVE-2020-4100

"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime;...

4.4 CVSS · 5.8 AI score
Exploits: 0 · References: 1

Prion
added 2020/07/15 1:15 p.m. · 12 views

Design/Logic Flaw

"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime;...

2.1 CVSS · 5 AI score · 0.00053 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2020/07/15 12:31 p.m. · 39 views

CVE-2020-4100

HCL Verse for Android is affected by a vulnerability linked to its use of dynamic code loading. The root cause is the ability to load components at runtime, which can lead to loading unintended code if not implemented properly. Some connected reports explicitly describe a HCL Verse Android code-e...

4.4 CVSS · 4.9 AI score · 0.00053 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2020/07/15 12:31 p.m. · 13 views

CVE-2020-4100

"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime;...

4.9 AI score · 0.00053 EPSS
Exploits: 0 · References: 1

NVD
added 2019/11/14 5:15 p.m. · 11 views

CVE-2019-15417

The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app versionCode=7, versionName=7.0.5 that allows unauthorized dynamic code...

7.8 CVSS · 7.4 AI score · 0.00136 EPSS
Exploits: 0 · References: 1

Prion
added 2019/11/14 5:15 p.m. · 14 views

Code injection

The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app versionCode=7, versionName=7.0.5 that allows unauthorized dynamic code...

7.2 CVSS · 7.3 AI score · 0.00136 EPSS
Exploits: 0 · References: 1

CVE
added 2019/11/14 4:26 p.m. · 39 views

CVE-2019-15417

The CVE-2019-15417 entry concerns a Tecno Spark Pro Android device (build TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys) with a pre-installed app, com.lovelyfont.defcontainer (versionCode 7, versionName 7.0.5), that allows unauthorized dynamic code loading via a conf...

7.8 CVSS · 7.3 AI score · 0.00136 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2019/11/14 4:26 p.m. · 14 views

CVE-2019-15417

The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app versionCode=7, versionName=7.0.5 that allows unauthorized dynamic code...

7.4 AI score · 0.00136 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2019/07/30 12:0 a.m. · 3 views

PT-2019-5544 · Ruby +6 · Bundler +6

Name of the Vulnerable Software and Affected Versions: Bundler versions prior to 2.1.0 Description: The issue is related to the use of predictable paths in /tmp/ with insecure permissions as a storage location for gems when locations under the user's home directory are not available. If Bundler i...

8.1 CVSS · 6.8 AI score · 0.05892 EPSS
Exploits: 2 · References: 90

Hacker One
added 2019/05/14 12:11 a.m. · 8 views

Node.js third-party modules: [larvitbase-www] Unintended Require

I would like to report Unintended Require vulnerability in larvitbase-www. It is similar to bug found here 566056 because the module is maintained by the same developer, but it is a different module and the code behind the vulnerability is different. It allows loading arbitrary non-production code ...

7.2 AI score
Exploits: 0