CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3631 matches found

Prion•added 2024/02/06 9:15 p.m.•24 views

Hardcoded credentials

A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWTKEYADMIN leads to use of hard-coded cryptographic k...

1.8CVSS7.1AI score0.00608EPSS

Exploits0References3Affected Software1

Veracode•added 2024/02/06 7:27 a.m.•37 views

Regular Expression Denial Of Service (ReDoS)

fastapi is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to the python-multipart dependency which utilized a Regex expression with inefficient complexity. An attacker can inject a malicious Content-Type header, which causes the application to hang while it...

7.5CVSS6.7AI score0.01523EPSS

Exploits1References9Affected Software1

Cvelist•added 2024/02/04 4:31 a.m.•27 views

CVE-2015-10129 planet-freo auth.inc.php comparison

A vulnerability was found in planet-freo up to 20150116 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/inc/auth.inc.php. The manipulation of the argument auth leads to incorrect comparison. The attack may be launched remotely. The complexity ...

3.7CVSS5.8AI score0.00621EPSS

Exploits0References3

GithubExploit•added 2024/02/04 1:40 a.m.•300 views

Exploit for Forced Browsing in Fortra Goanywhere_Managed_File_Transfer

CVE-2024-0204: Authentication Bypass in GoAnywhere MFT Script...

9.8CVSS9.6AI score0.95086EPSS

Exploits8

Github Security Blog•added 2024/01/27 12:30 p.m.•10 views

ai-flow Deserialization of Untrusted Data vulnerability

A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file \aiflow\cli\commands\workflowcommand.py. The manipulation leads to deserialization. The attack can be launched remotely. The...

9.8CVSS6.8AI score0.00713EPSS

Exploits0References6Affected Software1

OSV•added 2024/01/27 12:30 p.m.•19 views

GHSA-7MGG-3RQ2-HFF4 ai-flow Deserialization of Untrusted Data vulnerability

5CVSS9.6AI score0.00713EPSS

Exploits0References6

OSV•added 2024/01/27 12:15 p.m.•20 views

CVE-2024-0960

9.8CVSS9.6AI score

Exploits0References4

Vulnrichment•added 2024/01/27 12:0 p.m.•3 views

CVE-2024-0960 flink-extended ai-flow workflow_command.py cloudpickle.loads deserialization

5.1CVSS9.5AI score0.00713EPSS

Exploits0References4

Cvelist•added 2024/01/27 12:0 p.m.•20 views

CVE-2024-0960 flink-extended ai-flow workflow_command.py cloudpickle.loads deserialization

5.1CVSS9.8AI score0.00713EPSS

Exploits0References4

NVD•added 2024/01/27 11:15 a.m.•20 views

CVE-2024-0959

A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has been classified as critical. Affected is the function cloudpickle.load of the file gibson\utils\pposgdfuse.py. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is...

9.8CVSS6.4AI score0.00713EPSS

Exploits0References4

Prion•added 2024/01/27 11:15 a.m.•11 views

Deserialization of untrusted data

5.1CVSS7.1AI score0.00713EPSS

Exploits0References4Affected Software1

Cvelist•added 2024/01/27 10:31 a.m.•29 views

CVE-2024-0959 StanfordVL GibsonEnv pposgd_fuse.py cloudpickle.load deserialization

5.1CVSS9.8AI score0.00713EPSS

Exploits0References4

Vulnrichment•added 2024/01/27 10:31 a.m.•23 views

CVE-2024-0959 StanfordVL GibsonEnv pposgd_fuse.py cloudpickle.load deserialization

5.1CVSS7.1AI score0.00713EPSS

Exploits0References4

NVD•added 2024/01/26 8:15 p.m.•13 views

CVE-2024-0944

A vulnerability was found in Totolink T8 4.1.5cu.83320220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is...

5.3CVSS4.6AI score0.0153EPSS

Exploits1References4

NVD•added 2024/01/26 8:15 p.m.•17 views

CVE-2024-0943

A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attac...

5.3CVSS4.6AI score0.00591EPSS

Exploits0References4

Prion•added 2024/01/26 8:15 p.m.•17 views

Information disclosure

A vulnerability was found in Totolink N200RE V5 9.3.5u.6255B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is...

2.6CVSS7AI score0.00657EPSS

Exploits1References4Affected Software1

Prion•added 2024/01/26 8:15 p.m.•21 views

Design/Logic Flaw

2.6CVSS6.9AI score0.00591EPSS

Exploits0References3Affected Software1

CVE•added 2024/01/26 8:0 p.m.•81 views

CVE-2024-0943

Totolink N350RT firmware 9.3.5u.6255 contains a vulnerability in /cgi-bin/cstecgi.cgi causing session expiration. The issue is exploitable remotely with network access; attack complexity is high, and exploitation is considered difficult. Multiple sources (NVD/NVDB mirrors, Red Hat advisory, CNVD,...

5.3CVSS5.5AI score0.00591EPSS

Exploits0References4Affected Software1

Cvelist•added 2024/01/26 8:0 p.m.•20 views

CVE-2024-0943 Totolink N350RT cstecgi.cgi session expiration

3.7CVSS5.6AI score0.00591EPSS

Exploits0References4

Cvelist•added 2024/01/26 7:31 p.m.•14 views

CVE-2024-0942 Totolink N200RE V5 cstecgi.cgi session expiration

3.7CVSS5AI score0.00657EPSS

Exploits1References5

Rows per page