2565 matches found

OSV
added 2023/11/28 10:15 p.m. | 17 views

CVE-2023-46944

An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Codes workspace trust component...

7.8 CVSS | 7.7 AI score
Exploits 0 | References 2

Prion
added 2023/11/28 10:15 p.m. | 18 views

Authorization

An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Codes workspace trust component...

4.4 CVSS | 7.9 AI score | 0.01239 EPSS
Exploits 4 | References 2 | Affected Software 1

Cvelist
added 2023/11/28 12:0 a.m. | 14 views

CVE-2023-46944

An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Codes workspace trust component...

8 AI score | 0.01239 EPSS
Exploits 4 | References 2

The Hacker News
added 2023/11/21 10:40 a.m. | 41 views

How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography

Phishing attacks are steadily becoming more sophisticated, with cybercriminals investing in new ways of deceiving victims into revealing sensitive information or installing malicious software. One of the latest trends in phishing is the use of QR codes, CAPTCHAs, and steganography. See how they a...

6.9 AI score
Exploits 0

OSV
added 2023/11/18 2:15 a.m. | 2 views

CVE-2023-4214

The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit...

9.8 CVSS | 7.3 AI score | 0.00925 EPSS
Exploits 0 | References 4

CNNVD
added 2023/11/18 12:0 a.m. | 3 views

WordPress Plugin AppPresser Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

9.8 CVSS | 7.2 AI score | 0.00925 EPSS
Exploits 0 | References 5

Veracode
added 2023/11/16 5:56 a.m. | 18 views

Weak 2FA Code Generation

Fides is vulnerable to Weak Code Generation. The vulnerability is due to the usage of the python random module used for generating one time codes in the Privacy and Consent request process which is considered to be a cryptographically weak pseudo-random number generator. This issue allows an...

9.1 CVSS | 7.4 AI score | 0.00992 EPSS
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2023/11/15 12:0 a.m. | 4 views

Fides Security Vulnerabilities

Fides is an open source privacy engineering platform for managing the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in versions of Fides prior to 2.24.0 that stems from the use of a weakly...

9.1 CVSS | 6.9 AI score | 0.00992 EPSS
Exploits 0 | References 4

Kitploit
added 2023/11/14 11:30 a.m. | 82 views

Forbidden-Buster - A Tool Designed To Automate Various Techniques In Order To Bypass HTTP 401 And 403 Response Codes And Gain Access To Unauthorized Areas In The System

Forbidden Buster is a tool designed to automate various techniques in order to bypass HTTP 401 and 403 response codes and gain access to unauthorized areas in the system. This code is made for security enthusiasts and professionals only. Use it at your own risk. Probes HTTP 401 and 403 response...

7.7 AI score
Exploits 0 | References 1

Tenable Nessus
added 2023/11/09 12:0 a.m. | 57 views

NewStart CGSL MAIN 6.06 : curl Multiple Vulnerabilities (NS-SA-2023-0137)

The remote NewStart CGSL host, running version MAIN 6.06, has curl packages installed that are affected by multiple vulnerabilities: - When curl is used to retrieve and parse cookies from a HTTPS server, it accepts cookies using control codes that when later are sent back to a HTTP server might mak...

7.7 AI score | 0.02511 EPSS
Exploits 4 | References 9

Trellix
added 2023/10/30 12:0 a.m. | 18 views

Trellix 2024 Threat Predictions

Trellix 2024 Threat Predictions By Trellix · October 30, 2023 Introduction This last year we have seen upheaval across the cybersecurity landscape. The need for effective, worldwide threat intelligence continues to grow as geopolitical and economic developments create an increasingly complicated...

6.9 AI score
Exploits 0

CNVD
added 2023/10/26 12:0 a.m. | 18 views

PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability

PortlandLabs Concrete CMS is a team-oriented open source content management system of the United States PortlandLabs company. A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS v.9.2.1, which stems from the lack of effective filtering and escaping of user-supplied data by t...

4.8 CVSS | 6.3 AI score | 0.00637 EPSS
Exploits 1 | References 1

Github Security Blog
added 2023/10/24 12:31 a.m. | 35 views

Concrete CMS Cross-site Scripting vulnerability

Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics...

4.8 CVSS | 6.8 AI score | 0.00637 EPSS
Exploits 2 | References 5 | Affected Software 1

Packet Storm
added 2023/10/24 12:0 a.m. | 413 views

WordPress LiteSpeed Cache 5.6 Cross Site Scripting

Vulnerability Summary from Wordfence Intelligence Description: LiteSpeed Cache = 5.6 – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Affected Plugin: LiteSpeed Cache Plugin Slug: litespeed-cache Affected Versions: = 5.6 CVE ID: CVE-2023-4372 CVSS Score: 6.4 Medium CVSS...

7.1 AI score | 0.19684 EPSS
Exploits 2

ATTACKERKB
added 2023/10/23 10:15 p.m. | 3 views

CVE-2023-44760

Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an...

4.8 CVSS | 6.2 AI score | 0.00637 EPSS
Exploits 2 | References 4

NVD
added 2023/10/23 10:15 p.m. | 14 views

CVE-2023-44760

Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an...

4.8 CVSS | 5.3 AI score | 0.00637 EPSS
Exploits 1 | References 3

OSV
added 2023/10/23 10:15 p.m. | 16 views

CVE-2023-44760

Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an...

4.8 CVSS | 5.3 AI score | 0.00637 EPSS
Exploits 2 | References 3

Prion
added 2023/10/23 10:15 p.m. | 20 views

Cross site scripting

Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an...

4.3 CVSS | 5.6 AI score | 0.00637 EPSS
Exploits 2 | References 3 | Affected Software 1

Cvelist
added 2023/10/23 12:0 a.m. | 41 views

CVE-2023-44760

Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an...

5.6 AI score | 0.00637 EPSS
Exploits 1 | References 3

CNNVD
added 2023/10/23 12:0 a.m. | 4 views

PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability

PortlandLabs Concrete CMS is a team-oriented open source content management system of the United States PortlandLabs company. A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS v.9.2.1, which stems from the lack of effective filtering and escaping of user-supplied data by t...

4.8 CVSS | 6.1 AI score | 0.00637 EPSS
Exploits 2 | References 4