CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

NVD•added 2025/09/19 7:15 p.m.•1 views

CVE-2022-4980

General Bytes Crypto Application Server CAS beginning with version 20201208 prior to 20220531.38 backport and 20220725.22 mainline contains an authentication bypass in the admin web interface. An unauthenticated attacker could invoke the same URL used by the product's default-installation /...

9.3CVSS0.00751EPSS

Exploits0References6

Packet Storm News•added 2025/07/22 12:0 a.m.•3 views

Logwatch 7.13

Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems...

7AI score

Exploits0

Positive Technologies•added 2024/12/19 12:0 a.m.•1 views

PT-2024-35708 · Unknown · Home-Gallery.Org

Name of the Vulnerable Software and Affected Versions: Home-Gallery.org versions 1.15.0 and earlier Description: The default setup of Home-Gallery.org is vulnerable to DNS rebinding due to the lack of TLS and user authentication. An attacker can exploit this by changing the DNS records of their...

5.3CVSS7.2AI score0.00055EPSS

Exploits0References8

Debian CVE•added 2023/11/07 7:14 p.m.•47 views

CVE-2023-4154

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...

7.5CVSS6.7AI score0.00397EPSS

Exploits0

Hacker One•added 2021/04/18 8:17 p.m.•17 views

Nextcloud: Nextcloud deck sharee search leaks searches to lookupserver by default

So, in short this is related to the other 2 reports https://hackerone.com/reports/1167916 and https://hackerone.com/reports/1167919 While I could not find deck on your h1 page. I kind of assume it is in scope as well as this is something you sell with the 'groupware' subscription...

4.3CVSS6.4AI score0.00652EPSS

Exploits0

NVD•added 2017/09/06 9:29 p.m.•10 views

CVE-2015-5959

Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log...

9.8CVSS9.5AI score0.01459EPSS

Exploits0References3

Atlassian•added 2013/10/01 9:22 a.m.•24 views

RSS Macro should not trust all content from the origin server by default.

The RSS feed macro currently appears to be enabled by default in Confluence. This is contrary to the information contained in the following Confluence documentation: https://confluence.atlassian.com/display/DOC/RSS+Feed+Macro While a whitelist is enforced by default, as confluence implicitly trus...

0.5AI score

Exploits0Affected Software1