CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

979 matches found

Tenable Nessus•added 2023/11/07 12:0 a.m.•32 views

Rocky Linux 8 : nodejs:10 (RLSA-2020:2848)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:2848 advisory. - In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a...

9.3CVSS7.5AI score0.01491EPSS

Exploits3References7

SUSE CVE•added 2023/10/31 2:34 a.m.•2 views

SUSE CVE-2019-10747

set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and proto payloads...

9.8CVSS9.4AI score0.00493EPSS

Exploits1References2

Code423n4•added 2023/10/26 12:0 a.m.•65 views

safeTransferFrom Does Not Check for Code at the Token Address

Lines of code Vulnerability details Impact The solady safeTransferFrom does not check for code at a token address before transferring. This can result in a deposit being made in a selfdestructed token or an embryonic token such as one that can be created from another chain's bridge without the us...

7.4AI score

Exploits0

Veracode•added 2023/10/20 2:20 a.m.•16 views

Prototype Pollution

deobfuscator is vulnerable to Prototype Pollution. This vulnerability allows an attacker to modify the prototype of the Object constructor via the LiteralMap transformer, which could then be used to execute arbitrary code on the victim's system...

8.1CVSS7.7AI score0.00165EPSS

Exploits1References4Affected Software1

RedHat Linux•added 2023/09/14 9:51 a.m.•2 views

SnakeYaml: Constructor Deserialization Remote Code Execution

A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution RCE...

9.8CVSS7.5AI score0.93849EPSS

Exploits7References5

Code423n4•added 2023/09/06 12:0 a.m.•7 views

Array Mismatch in RdpxV2Core.sol

Lines of code Vulnerability details Impact reserveTokens and reserveAsset are not synced because reserveTokens was not initialized in the constructor. Proof of Concept The RdpxV2Core.sol contract stores the reserve token information and also uses another array to only track the reserve token...

6.7AI score

Exploits0

Veracode•added 2023/08/23 5:5 p.m.•37 views

Improper Access Control

nodejs is vulnerable to Improper Access Control. This vulnerability exists due to a flaw in the way the module.constructor.createRequire API can be used to bypass the policy mechanism. An attacker can exploit this vulnerability to load modules outside of the policy...

8.8CVSS6.7AI score0.00074EPSS

Exploits0References7Affected Software1

Veracode•added 2023/08/22 2:36 a.m.•23 views

Arbitrary Code Execution

com.alibaba.nacos:nacos-spring-context is vulnerable to Arbitrary Code Execution. The vulnerability exists in the SnakeYamls Constructor, which is used to parse YAML files. An attacker who is able to modify a yaml file thats defined in the NacosPropertySource is able to execute arbitrary code...

8.8CVSS7.5AI score0.02308EPSS

Exploits1References2Affected Software1