CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3628 matches found

Cvelist•added 2023/09/01 7:0 p.m.•16 views

CVE-2023-4711 D-Link DAR-8000-10 decodmail.php os command injection

A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. Th...

5CVSS8.6AI score0.05769EPSS

Exploits1References3

Vulnrichment•added 2023/09/01 7:0 p.m.•13 views

CVE-2023-4711 D-Link DAR-8000-10 decodmail.php os command injection

5CVSS7.2AI score0.05769EPSS

Exploits1References3

Cvelist•added 2023/08/24 4:5 p.m.•26 views

CVE-2023-40707 Weak password requirements in OPTO 22 SNAP PAC S1 Built-in Web Server

There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't set up complex credentials...

8.6CVSS8.8AI score0.00468EPSS

Exploits0References1

ICS•added 2023/08/22 6:0 a.m.•77 views

Hitachi Energy AFF66x

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFF66x Vulnerabilities: Cross-site Scripting, Use of Insufficiently Random Values, Origin Validation Error, Integer Overflow or Wraparound, Uncontrolled Resource...

9.6CVSS8.8AI score0.98745EPSS

Exploits6References8

ICS•added 2023/08/22 6:0 a.m.•31 views

Trane Thermostats

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low attack complexity Vendor: Trane Equipment: XL824, XL850, XL1050, and Pivot thermostats Vulnerability: Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as root...

6.8CVSS6.9AI score0.01162EPSS

Exploits0References8

Debian CVE•added 2023/08/18 3:0 p.m.•14 views

CVE-2023-4413

Removed by vendor...

4.8AI score

Exploits0

Vulnrichment•added 2023/08/17 2:31 a.m.•16 views

CVE-2023-4392 Control iD Gerencia Web Cookie cleartext storage

A vulnerability was found in Control iD Gerencia Web 1.30 and classified as problematic. Affected by this issue is some unknown functionality of the component Cookie Handler. The manipulation leads to cleartext storage of sensitive information. The attack may be launched remotely. The complexity ...

3.7CVSS5.2AI score0.00513EPSS

Exploits1References3

NVD•added 2023/08/16 8:15 p.m.•21 views

CVE-2023-4384

A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.140 and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to missing encryption of sensitive data. The attack can be initiated remotely. The complexity of ...

5.9CVSS4.8AI score0.00357EPSS

Exploits1References3

Rapid7 Blog•added 2023/08/14 1:30 p.m.•24 views

What's New in CVSS v4

The pending update to the Common Common Vulnerability Scoring System CVSS, version 4.0, has garnered a noticeable volume of articles, blog posts and watercooler now known as Slack and Zoom air time. Reaction from the community has been positive, with general sentiment pinned somewhere near...

6.8AI score

Exploits0

Prion•added 2023/08/10 2:15 p.m.•24 views

Design/Logic Flaw

Adobe Acrobat Reader versions 23.003.20244 and earlier and 20.005.30467 and earlier are affected by an Untrusted Search Path vulnerability that could lead to Application denial-of-service. An attacker could leverage this vulnerability if the default PowerShell Set-ExecutionPolicy is set to...

1.2CVSS4.9AI score0.003EPSS

Exploits0References1Affected Software4

OSV•added 2023/08/08 5:12 p.m.•38 views

GHSA-7VH7-FW88-WJ87 Several quadratic complexity bugs may lead to denial of service in Commonmarker

Impact Several quadratic complexity bugs in commonmarker's underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service. The following vulnerabilities were addressed: CVE-2023-37463 For more information, consult the release notes for version 0.29.0.gfm.1...

7.1AI score

Exploits0References5

ICS•added 2023/08/08 12:0 a.m.•42 views

â€‹Siemens JT Open, JT Utilities, and Parasolid

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services ...

7.8CVSS8.1AI score0.00202EPSS

Exploits0References12

Veracode•added 2023/08/06 1:56 p.m.•22 views

Denial Of Service (DoS)

gitlab is vulnerable to Denial Of Service DoS. The vulnerability allows a malicious attacker to make a gitlab instance inaccessible using crafted web server response headers with inefficient regular expression complexities, resulting in a regular expression DoS...

5.3CVSS6.7AI score0.00837EPSS

Exploits0References4Affected Software1