
258 matches found

OSV
added 2022/06/30 5:15 p.m., 2 views

CVE-2022-22496

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942...

CVSS 6.5, AI score 6.4, EPSS 0.00377
Exploits 0, References 2

Prion
added 2022/06/30 5:15 p.m., 15 views

Code injection

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942...

CVSS 3.3, AI score 6.8, EPSS 0.00377
Exploits 0, References 2, Affected Software 1

CVE
added 2022/06/30 4:25 p.m., 82 views

CVE-2022-22496

CVE-2022-22496 affects IBM Spectrum Protect Server 8.1.0.000–8.1.14 when a user account is being established and the installation is configured with SESSIONSECURITY=TRANSITIONAL. In this mode, it is susceptible to an offline dictionary attack that could expose credentials. The issue is documented...

CVSS 6.5, AI score 6.2, EPSS 0.00377
Exploits 0, References 2, Affected Software 1

Cvelist
added 2022/06/30 4:25 p.m., 18 views

CVE-2022-22496

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942...

CVSS 5.3, AI score 7, EPSS 0.00377
Exploits 0, References 2

CNNVD
added 2022/06/30 12:0 a.m., 8 views

Ping Identity PingID Mac Login Authorization Issue Vulnerability

Ping Identity PingID Mac Login is an authentication application from Ping Identity USA. A security vulnerability exists in Ping Identity PingID Mac Login versions prior to 1.1, which stems from an RSA misconfiguration that is susceptible to a pre-computed dictionary attack, leading to an offline...

CVSS 7.7, AI score 7.3, EPSS 0.00666
Exploits 0, References 3

IBM Security Bulletins
added 2022/06/29 8:16 p.m., 40 views

Security Bulletin: IBM Spectrum Protect Server vulnerable to offline dictionary and brute force attacks (CVE-2022-22496, CVE-2022-22487)

Summary The IBM Spectrum Protect Server is vulnerable to an offline dictionary attack when using SESSIONSECURITY=TRANSITIONAL. The IBM Spectrum Protect Storage agent is vulnerable to a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrati...

CVSS 9.8, AI score 1.1, EPSS 0.01252
Exploits 0, Affected Software 1

The Hacker News
added 2022/06/15 1:5 p.m., 21 views

Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers

A new Golang-based peer-to-peer (P2P) botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022. Dubbed Panchan by Akamai Security Research, the malware "utilizes its built-in concurrency features to maximize spreadability and execute malware...

AI score 0.6
Exploits 0

CNNVD
added 2022/04/30 12:0 a.m., 19 views

Ping Identity Windows PingId Authorization Issue Vulnerability

Ping Identity Windows PingId is a software from Ping Identity USA that provides security for applications. A security vulnerability exists in PingID Windows Login version 2.7 that stems from an RSA misconfiguration that is susceptible to a pre-computed dictionary attack, leading to an offline MFA...

CVSS 7.7, AI score 5.9, EPSS 0.0047
Exploits 0, References 3

CNNVD
added 2022/04/30 12:0 a.m., 5 views

Ping Identity iOS App Security Features Issue Vulnerability

Ping Identity iOS App is a mobile app for authentication from Ping Identity. A security vulnerability exists in Ping Identity iOS App versions prior to 1.19, which stems from a misconfigured RSA that is susceptible to a pre-computed dictionary attack, leading to a bypass of the offline MFA when...

CVSS 6.6, AI score 5.2, EPSS 0.00231
Exploits 0, References 3

The Hacker News
added 2022/02/22 7:22 a.m., 65 views

Hackers Backdoor Unpatched Microsoft SQL Database Servers with Cobalt Strike

Vulnerable internet-facing Microsoft SQL (MS SQL) Servers are being targeted by threat actors as part of a new campaign to deploy the Cobalt Strike adversary simulation tool on compromised hosts. "Attacks that target MS SQL servers include attacks to the environment where its vulnerability has not...

AI score 2.1
Exploits 0

The Hacker News
added 2021/10/28 1:12 p.m., 19 views

Israeli Researcher Cracked Over 3,500 Wi-Fi Networks in Tel Aviv City

Over 70% of Wi-Fi networks from a sample size of 5,000 were hacked with "relative ease" in the Israeli city of Tel Aviv, highlighting how unsecure Wi-Fi passwords can become a gateway for serious threats to individuals, small businesses, and enterprises alike. CyberArk security researcher Ido...

Exploits 0

Kitploit
added 2021/09/24 11:30 a.m., 39 views

Reconky - A Great Content Discovery Bash Script For Bug Bounty Hunters Which Automate Lot Of Task And Organized It

Reconky is a script written in bash to automate the task of recon and information gathering. This Bash script allows you to collect some information that will help you identify what to do next and where to look for the required target. Usage: ./reconky.sh. Main features: It will gather subdomains wi...

AI score 7
Exploits 0, References 3

OSV
added 2021/09/01 1:15 p.m., 2 views

CVE-2021-37151

CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain authentication policy configurations with MFA, the API response length can be used to differentiate between a valid user and an invalid one aka Username...

CVSS 5.3, AI score 5.8
Exploits 0, References 2

CNVD
added 2021/07/26 12:0 a.m., 17 views

EVlink City, EVlink Parking, EVlink Smart Wallbox Information Disclosure Vulnerability (CNVD-2021-62192)

Schneider Electric EVlink City, among others, is a charging solution for electric vehicle charging stations from the French company Schneider Electric. The EVlink City, EVlink Parking, and EVlink Smart Wallbox information disclosure vulnerability can be exploited by an attacker to gain knowledge ...

CVSS 7.5, AI score 7.4, EPSS 0.00799
Exploits 0, References 1

CNNVD
added 2021/07/09 12:0 a.m., 3 views

EdgeX Foundry Security Vulnerability

EdgeX Foundry is an open source project to build a common open framework for IoT edge computing. EdgeX Foundry suffers from a security vulnerability that stems from the fact that when the EdgeX API gateway is configured for OAuth2 authentication and a proxy user is created, the client id and clie...

CVSS 8.3, AI score 6.6, EPSS 0.00799
Exploits 0, References 2

ThreatPost
added 2021/06/16 3:50 p.m., 184 views

Euros Football Fever Nets Dumb Passwords

The European soccer championship a.k.a. the Euros is stoking maximum football fever, which has slopped over into easy-to-crack passwords. Such as, say, “football.” That password is of course easy as pie to crack via a dictionary attack – a type of brute-force attack that involves trying thousands...

AI score 7.7
Exploits 0, References 24

Imperva Blog
added 2021/04/23 12:46 p.m., 51 views

The Account Takeover Threat: A By-the-Numbers Breakdown

Identity theft has come a long way in the age of technology. The more data is available online, the greater the threat. In this blog we will dive into the different characteristics and statistics of real world Account Takeover attacks as recorded and mitigated by Imperva’s Advanced Bot Protection...

AI score 0.8
Exploits 0

OpenVAS
added 2021/02/22 12:0 a.m., 5 views

Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2021-1357)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.1, AI score 6.6, EPSS 0.05118
Exploits 1, References 2

NVD
added 2021/01/21 3:15 p.m., 9 views

CVE-2021-21253

OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for...

CVSS 5.8, AI score 5.7, EPSS 0.00736
Exploits 0, References 2

Cvelist
added 2021/01/21 2:20 p.m., 10 views

CVE-2021-21253 Use of a One-Way Hash without a Salt in OnlineVotingSystem

OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for...

CVSS 5.8, AI score 5.9, EPSS 0.00736
Exploits 0, References 2