103 matches found

Tenable Nessus
added 2024/12/09 12:0 a.m. · 6 views

GLSA-202412-01 : R: Arbitrary Code Execution

The remote host is affected by the vulnerability described in GLSA-202412-01 (R: Arbitrary Code Execution). Deserialization of untrusted data can occur in the R statistical programming language, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code...

8.8 CVSS · 8.3 AI score · 0.23618 EPSS
Exploits 0 · References 3

The Hacker News
added 2024/10/07 9:30 a.m. · 25 views

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-47561 (CVSS score: 9.3), impacts all versions of the software prior t...

9.2 CVSS · 7.4 AI score · 0.03278 EPSS
Exploits 0

ATTACKERKB
added 2024/07/18 6:15 p.m. · 3 views

CVE-2024-5625

Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics Apinizer Management Console allows Data Serialization External Entities Blowup. This issue affects Apinizer Management Console: before 2024.05.1...

6.5 CVSS · 5.8 AI score · 0.00359 EPSS
Exploits 0 · References 3

NVD
added 2024/07/18 6:15 p.m. · 15 views

CVE-2024-5625

Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics Apinizer Management Console allows Data Serialization External Entities Blowup. This issue affects Apinizer Management Console: before 2024.05.1...

6.5 CVSS · 0.00359 EPSS
Exploits 0 · References 2

Cvelist
added 2024/07/18 5:12 p.m. · 26 views

CVE-2024-5625 XML External Entity Injection in PruvaSoft Informatics' Apinizer Management Console

Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics Apinizer Management Console allows Data Serialization External Entities Blowup. This issue affects Apinizer Management Console: before 2024.05.1...

6.5 CVSS · 0.00359 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/07/18 5:12 p.m. · 8 views

CVE-2024-5625 XML External Entity Injection in PruvaSoft Informatics' Apinizer Management Console

Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics Apinizer Management Console allows Data Serialization External Entities Blowup. This issue affects Apinizer Management Console: before 2024.05.1...

6.5 CVSS · 5.8 AI score · 0.00359 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/07/18 12:0 a.m. · 2 views

PT-2024-36773 · Unknown · Apinizer Management Console

Name of the Vulnerable Software and Affected Versions: Apinizer Management Console versions prior to 2024.05.1. Description: The issue is related to an Improper Restriction of XML External Entity Reference, which allows Data Serialization External Entities Blowup. Recommendations: For versions pri...

6.5 CVSS · 7.1 AI score · 0.00359 EPSS
Exploits 0 · References 4

OSV
added 2024/07/01 5:15 p.m. · 1 views

CVE-2024-36984

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attacker could use the query to execute arbitrary code...

8.8 CVSS · 6 AI score · 0.01412 EPSS
Exploits 0 · References 2

Amazon
added 2024/06/14 12:0 a.m. · 4 views

Important: R

Issue Overview: Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user's system...

8.8 CVSS · 7.4 AI score · 0.23618 EPSS
Exploits 0

SUSE CVE
added 2024/06/04 12:19 p.m. · 3 views

SUSE CVE-2024-27322

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user's system when interacted...

8.8 CVSS · 8.3 AI score · 0.23618 EPSS
Exploits 0 · References 3

OSV
added 2024/04/29 1:15 p.m. · 5 views

AZL-42792 CVE-2024-27322 affecting package R for versions less than 4.4.1-1

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted...

8.8 CVSS · 7.3 AI score · 0.23618 EPSS
Exploits 0 · References 1

OSV
added 2024/04/29 1:15 p.m. · 4 views

AZL-42815 CVE-2024-27322 affecting package R for versions less than 4.1.0-5

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted...

8.8 CVSS · 7.3 AI score · 0.23618 EPSS
Exploits 0 · References 1

OSV
added 2024/04/29 1:15 p.m. · 1 views

UBUNTU-CVE-2024-27322

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted...

8.8 CVSS · 7.3 AI score · 0.23618 EPSS
Exploits 0 · References 12

CERT
added 2024/04/29 12:0 a.m. · 31 views

R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds and .rdx files

Overview: A vulnerability in the R language that allows for arbitrary code to be executed directly after the deserialization of untrusted data has been discovered. This vulnerability can be exploited through RDS (R Data Serialization) format files and .rdx files. An attacker can create malicious RDS...

8.8 CVSS · 8.7 AI score · 0.23618 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/04/24 7:6 p.m. · 13 views

CVE-2024-32876 NewPipe has potential security vulnerability when importing settings

NewPipe is an Android app for video streaming written in Java. It supports exporting and importing backups, as a way to let users move their data to a new device effortlessly. However, in versions 0.13.4 through 0.26.1, importing a backup file from an untrusted source could have resulted in...

8.5 CVSS · 7.4 AI score · 0.00324 EPSS
Exploits 0 · References 4

CVE
added 2024/04/11 12:0 a.m. · 69 views

CVE-2024-29452

CVE-2024-29452 relates to ROS2 Humble Hawksbill, with insecure deserialization vulnerabilities in ROS2 Humble Hawksbill versions 2 and 3. The issue enables an attacker to execute arbitrary code and obtain sensitive information via crafted input affecting the Data Serialization and Deserialization...

6.7 AI score
Exploits 0

CVE
added 2024/04/10 12:0 a.m. · 6962 views

CVE-2024-30719

CVE-2024-30719 is rejected; this candidate is not used and does not reflect an active vulnerability entry.

6.7 AI score
Exploits 0

CVE
added 2024/04/10 12:0 a.m. · 7485 views

CVE-2024-30736

CVE-2024-30736 entry is rejected/not used; withdrawn by CNA with no vulnerability evidence.

6.7 AI score
Exploits 0

CVE
added 2024/04/09 6:59 p.m. · 70 views

CVE-2024-2501

CVE-2024-2501 affects Hubbub Lite (WordPress plugin) up to version 1.33.1 and enables PHP Object Injection via deserialization in the dpsp_maybe_unserialize function. Authenticated attackers with Contributor+ privileges can inject a PHP object; if a POP chain exists via another plugin/theme, this...

7.5 CVSS · 9.3 AI score · 0.00921 EPSS
Exploits 0 · References 4

CVE
added 2024/04/09 12:0 a.m. · 7813 views

CVE-2024-30687

CVE-2024-30687 has been withdrawn; multiple sources (NVD, CNNVD, CVE List) state: “DO NOT USE THIS CANDIDATE NUMBER. This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability.” Consequently, there is ...

6.7 AI score
Exploits 0