CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6035 matches found

Veracode•added 2023/10/20 6:28 a.m.•18 views

Directory Traversal

github.com/arduino/arduino-create-agent is vulnerable to Directory Traversal. When the attacker has access to the localhost interface, they can send a specially crafted HTTP DELETE request to the /v2/pkgs/tools/installed endpoint, specifying the path of the file or folder that they want to delete...

7.1CVSS6.7AI score0.00326EPSS

Exploits0References6Affected Software1

CNNVD•added 2023/10/20 12:0 a.m.•4 views

WordPress Plugin BEAR Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

4.3CVSS6.4AI score0.0028EPSS

Exploits0References5

Veracode•added 2023/10/19 5:53 a.m.•17 views

Privilege Escalation

Arduino Create Agent is vulnerable to Privilege Escalation. The vulnerability is due to the improper handling of requests to the endpoint /v2/pkgs/tools/installed. This can be exploited by an attacker via executing a HTTP requests to the localhost interface leading to the elevation of privileges ...

7.8CVSS6.8AI score0.00211EPSS

Exploits0References4Affected Software1

NVD•added 2023/10/18 10:15 p.m.•29 views

CVE-2023-43800

Arduino Create Agent is a package to help manage Arduino development. The vulnerability affects the endpoint /v2/pkgs/tools/installed. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those ...

7.8CVSS7.3AI score0.00211EPSS

Exploits0References3

NVD•added 2023/10/18 10:15 p.m.•46 views

CVE-2023-43801

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...

7.1CVSS6.4AI score0.00326EPSS

Exploits0References3

Prion•added 2023/10/18 10:15 p.m.•17 views

Design/Logic Flaw

4.3CVSS7.6AI score0.00211EPSS

Exploits0References3Affected Software1

NVD•added 2023/10/18 9:15 p.m.•14 views

CVE-2023-43803

7.1CVSS6.4AI score0.00326EPSS

Exploits0References4

NVD•added 2023/10/18 9:15 p.m.•41 views

CVE-2023-43802

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /upload which handles request with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can...

7.8CVSS7.2AI score0.00354EPSS

Exploits0References3

Prion•added 2023/10/18 9:15 p.m.•23 views

Authentication flaw

3.2CVSS6.7AI score0.00326EPSS

Exploits0References4Affected Software1

Prion•added 2023/10/18 9:15 p.m.•19 views

Design/Logic Flaw

4.3CVSS7.6AI score0.00354EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2023/10/18 9:7 p.m.•15 views

CVE-2023-43800 Insufficient Verification of Data Authenticity in Arduino Create Agent

7.3CVSS6.9AI score0.00211EPSS

Exploits0References3

Cvelist•added 2023/10/18 9:7 p.m.•37 views

CVE-2023-43800 Insufficient Verification of Data Authenticity in Arduino Create Agent

7.3CVSS7.8AI score0.00211EPSS

Exploits0References3

CVE•added 2023/10/18 9:7 p.m.•58 views

CVE-2023-43800

CVE-2023-43800 affects the Arduino Create Agent. The vulnerability stems from the endpoint /v2/pkgs/tools/installed, where a user able to issue HTTP requests to the localhost interface or bypass the CORS policy can escalate privileges to the user running the Arduino Create Agent service via a cra...

7.8CVSS7.2AI score0.00211EPSS

Exploits0References3Affected Software1

OSV•added 2023/10/18 9:7 p.m.•31 views

CVE-2023-43800 Insufficient Verification of Data Authenticity in Arduino Create Agent

7.3CVSS7.4AI score0.00211EPSS

Exploits0References5

Cvelist•added 2023/10/18 9:6 p.m.•49 views

CVE-2023-43801 Path traversal in Arduino Create Agent

6.1CVSS7AI score0.00326EPSS

Exploits0References3

Vulnrichment•added 2023/10/18 9:6 p.m.•14 views

CVE-2023-43801 Path traversal in Arduino Create Agent

6.1CVSS6.8AI score0.00326EPSS

Exploits0References3

CVE•added 2023/10/18 9:6 p.m.•70 views

CVE-2023-43801

CVE-2023-43801 affects the Arduino Create Agent, specifically the endpoint /v2/pkgs/tools/installed. A user able to make HTTP requests to the localhost interface or bypass CORS can delete arbitrary files/folders owned by the Arduino Create Agent’s running user via a crafted HTTP DELETE request. R...

7.1CVSS6.4AI score0.00326EPSS

Exploits0References3Affected Software1

Cvelist•added 2023/10/18 8:39 p.m.•50 views

CVE-2023-43802 Path traversal in Arduino Create Agent

7.1CVSS7.8AI score0.00354EPSS

Exploits0References3

Vulnrichment•added 2023/10/18 8:39 p.m.•10 views

CVE-2023-43802 Path traversal in Arduino Create Agent

7.1CVSS6.9AI score0.00354EPSS

Exploits0References3

CVE•added 2023/10/18 8:39 p.m.•69 views

CVE-2023-43802

Arduino Create Agent is affected by a path traversal vulnerability in the /upload endpoint that processes the filename parameter. A user able to issue HTTP requests to the localhost interface or bypass CORS can escalate privileges to the user running the Arduino Create Agent service via a crafted...

7.8CVSS7.1AI score0.00354EPSS

Exploits0References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by