8747 matches found
CVE-2024-27092
Hoppscotch is an API development ecosystem. Due to a lack of validation for fields like Label Edit Team - TeamName, bad actors can send emails with spoofed content that appear to come from Hoppscotch. Part of the payload, an external link, is presented in clickable form, which makes it easier for malicious actors to achieve their goals. This iss...
Design/Logic Flaw
Hoppscotch is an API development ecosystem. Due to a lack of validation for fields like Label Edit Team - TeamName, bad actors can send emails with spoofed content that appear to come from Hoppscotch. Part of the payload, an external link, is presented in clickable form, which makes it easier for malicious actors to achieve their goals. This iss...
Malicious code in bubble-dev (npm)
Source: ossf-package-analysis (de676130e5f20504bbb50fd8fdbed9113a13ef5cb82cb7989dfdd28a8bfb4f42). The OpenSSF Package Analysis project identified 'bubble-dev' @ 50.1.1 (npm) as malicious. It is considered malicious because: - The package...
CVE-2024-27083
CVE-2024-27083 affects Flask-AppBuilder. An XSS on the OAuth login page was introduced in 4.1.4 and fixed in 4.2.1. Impact is on the OAuth login flow where crafted URLs can execute JavaScript in the user’s browser. Affected versions: 4.1.4 through 4.2.0; remediation: upgrade to 4.2.1 or newer. Ex...
CVE-2024-27083 Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)
Flask-AppBuilder is an application development framework built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user into following a specially crafted URL to the OAuth login page. This URL could inject and execute...
CVE-2021-47043
In the Linux kernel, the following vulnerability has been resolved: media: venus: core: Fix some resource leaks in the error path of 'venus_probe'. If an error occurs after a successful 'of_icc_get' call, it must be undone. Use 'devm_of_icc_get' instead of 'of_icc_get' to avoid the leak. Update the remove...
SUSE: Security Advisory (SUSE-SU-2023:1864-1)
The remote host is missing an update for the...
AZL-35471 CVE-2024-27099 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1
The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. Processing an incorrect AMQP_VALUE failed state may cause a double free, which may lead to RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987...
CVE-2024-27092 Content spoofing - real Hoppscotch emails
Hoppscotch is an API development ecosystem. Due to a lack of validation for fields like Label Edit Team - TeamName, bad actors can send emails with spoofed content that appear to come from Hoppscotch. Part of the payload, an external link, is presented in clickable form, which makes it easier for malicious actors to achieve their goals. This iss...
Weak Password Vulnerability in KingH5Stream of Beijing Asian Control Technology Development Co., Ltd.
Beijing Asian Control Technology Development Co., Ltd. is a high-tech industrial automation and informatization software platform enterprise founded in 1997. A weak password vulnerability exists in KingH5Stream, which can be exploited by attackers to obtain sensitive information...
PT-2024-40180 · Unknown · @Nfid/Embed Sdk +2
Name of the Vulnerable Software and Affected Versions: @nfid/embed SDK versions prior to 0.10.1-alpha.6; @dfinity/auth-client versions prior to 1.0.1; @dfinity/identity versions prior to 1.0.1. Description: The issue affects user sessions in the @nfid/embed SDK that utilize Ed25519 keys, due to a...
[SECURITY] Fedora 39 Update: mingw-qt5-qttranslations-5.15.12-1.fc39
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler...
[SECURITY] Fedora 39 Update: mingw-qt5-qtsvg-5.15.12-1.fc39
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler...
Fedora: Security Advisory for mingw-qt5-qtxmlpatterns (FEDORA-2024-a8cdce27ac)
The remote host is missing an update for the...
Silicon Labs Ember ZNet Code Issue Vulnerability
Silicon Labs Ember ZNet is a protocol stack software from Silicon Labs, Inc. A code issue vulnerability exists in Silicon Labs Ember ZNet SDK prior to version v7.4.0 that stems from the presence of a NULL pointer dereference, which may cause a system crash...
CVE-2024-26128
baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability...
CVE-2024-25129
The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process either a maliciously...
Cross site scripting
baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability...