
938 matches found

CNNVD
added 2024/04/09 12:0 a.m. · 1 view

Microsoft OLE DB Provider for SQL Server Security Vulnerability

Microsoft OLE DB Provider for SQL Server is an API from Microsoft Corporation that allows access to data from a variety of sources in a unified way. A security vulnerability exists in Microsoft OLE DB Provider for SQL Server. An attacker could exploit the vulnerability to remotely execute code. T...

CVSS 8.8 · AI score 8.9 · EPSS 0.02351
Exploits 0 · References 3

CNNVD
added 2024/04/09 12:0 a.m. · 3 views

Microsoft OLE Security Vulnerability

Microsoft OLE is an object-oriented technology from Microsoft Corporation USA. A security vulnerability exists in Microsoft OLE. The following products and versions are affected: Microsoft SQL Server 2019 for x64-based Systems GDR, Microsoft SQL Server 2022 for x64-based Systems GDR, Microsoft OLE D...

CVSS 8.8 · AI score 9 · EPSS 0.02351
Exploits 0 · References 3

Positive Technologies
added 2024/04/09 12:0 a.m. · 2 views

PT-2024-3130 · Microsoft · Ole Db Driver For Sql Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft OLE DB Driver for SQL Server (affected versions not specified). Description: The issue is due to insufficient input validation in the Microsoft OLE DB Driver for SQL Server, which can be exploited by a remote attacker to execute...

CVSS 10 · AI score 9.3 · EPSS 0.02351
Exploits 0 · References 6

Positive Technologies
added 2024/04/09 12:0 a.m. · 2 views

PT-2024-3121 · Microsoft · Ole Db Driver For Sql Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft OLE DB Driver for SQL Server (affected versions not specified). Description: The issue exists due to insufficient input validation in the Microsoft OLE DB Driver for SQL Server. This allows a remote attacker to execute arbitrary code o...

CVSS 10 · AI score 9.4 · EPSS 0.02213
Exploits 0 · References 6

CNNVD
added 2024/04/09 12:0 a.m. · 7 views

Microsoft OLE DB Provider for SQL Server Security Vulnerability

Microsoft OLE DB Provider for SQL Server is an API from Microsoft Corporation that allows access to data from a variety of sources in a unified way. A security vulnerability exists in Microsoft OLE DB Provider for SQL Server. An attacker could exploit the vulnerability to remotely execute code. T...

CVSS 8.8 · AI score 8.8 · EPSS 0.024
Exploits 0 · References 3

CNNVD
added 2024/04/09 12:0 a.m. · 5 views

Microsoft OLE DB Provider for SQL Server Security Vulnerability

Microsoft OLE DB Provider for SQL Server is an API from Microsoft Corporation that allows access to data from a variety of sources in a unified way. A security vulnerability exists in Microsoft OLE DB Provider for SQL Server. An attacker could exploit the vulnerability to remotely execute code. T...

CVSS 8.8 · AI score 8.8 · EPSS 0.02268
Exploits 0 · References 3

Github Security Blog
added 2024/03/26 9:23 p.m. · 64 views

TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements

Impact: A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. An SVG image could be loaded through an object or embed element and that image could potentially contain an XSS payload. Fix: TinyMCE 6.8.1 introduced a new convert_unsafe_embeds opti...

CVSS 6.1 · AI score 5.8 · EPSS 0.00722
Exploits 0 · References 6 · Affected Software 2

BDU FSTEC
added 2024/03/22 12:0 a.m. · 3 views

The vulnerability of the OLE mechanism in the Windows operating system, related to an uncontrolled search path element, allows a perpetrator to execute arbitrary code.

The vulnerability of the OLE mechanism in the Windows operating system is related to an uncontrolled element in the search process. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 · AI score 8.1 · EPSS 0.02026
Exploits 0 · References 2

BDU FSTEC
added 2024/03/15 12:0 a.m. · 2 views

The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems is related to buffer overflows in dynamic memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 10 · AI score 8.5 · EPSS 0.01658
Exploits 0 · References 2

OSV
added 2024/03/12 5:15 p.m. · 1 view

CVE-2024-21435

Windows OLE Remote Code Execution Vulnerability...

CVSS 8.8 · AI score 7.4 · EPSS 0.02026
Exploits 0 · References 1

CNNVD
added 2024/03/12 12:0 a.m. · 5 views

Microsoft OLE Security Vulnerability

Microsoft OLE is an object-oriented technology from Microsoft Corporation USA. A security vulnerability exists in Microsoft OLE. An attacker could exploit this vulnerability to remotely execute code. The following products and versions are affected: Windows 11 Version 22H2 for ARM64-based...

CVSS 8.8 · AI score 6.8 · EPSS 0.02026
Exploits 0 · References 3

BDU FSTEC
added 2024/03/11 12:0 a.m. · 2 views

The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems is related to buffer overflows in dynamic memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 10 · AI score 8.5 · EPSS 0.01549
Exploits 0 · References 2

OSV
added 2024/03/06 7:18 p.m. · 5 views

CVE-2023-48703 SAML authentication bypass vulnerability in RobotsAndPencils/go-saml

RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...

CVSS 7.5 · AI score 7.2 · EPSS 0.00559
Exploits 0 · References 1

OSV
added 2024/03/06 10:57 a.m. · 18 views

BIT-DISCOURSE-2023-32301 Discourse's canonical url not being used for topic embeddings

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the stable branch and...

CVSS 5.3 · AI score 4.5 · EPSS 0.00423
Exploits 0 · References 2

OSV
added 2024/03/06 10:51 a.m. · 21 views

BIT-DISCOURSE-2023-47121 Discourse SSRF vulnerability in Embedding

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, the embedding feature is susceptible to server side request forgery. The issue is patched in version 3.1.3 of the stable branch...

CVSS 9.8 · AI score 6.2 · EPSS 0.00692
Exploits 0 · References 4

Pen Test Partners Blog
added 2024/02/15 6:43 a.m. · 16 views

QR Phishing. Fact or Fiction?

October 2023’s Cyber Security Awareness Month led to a flurry of blog posts about a new attack called Quishing (QR Code phishing) and how new AI-powered email gateways can potentially block these attacks. What’s the attack? To understand the attack you need to understand the challenge that the attacke...

AI score 7.2
Exploits 0

OSV
added 2024/02/13 6:15 p.m. · 1 view

CVE-2024-21369

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...

CVSS 8.8 · AI score 7.4 · EPSS 0.01549
Exploits 0 · References 1

OSV
added 2024/02/13 6:15 p.m. · 1 view

CVE-2024-21372

Windows OLE Remote Code Execution Vulnerability...

CVSS 8.8 · AI score 7.4 · EPSS 0.01806
Exploits 0 · References 1

Positive Technologies
added 2024/02/13 12:0 a.m. · 2 views

PT-2024-2018 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The vulnerability is related to an integer overflow in the Windows OLE component, allowing remote attackers to execute arbitrary code on the system. This issue can be exploited by a remote...

CVSS 10 · AI score 9.9 · EPSS 0.01806
Exploits 0 · References 8

CNVD
added 2023/12/15 12:0 a.m. · 20 views

Unspecified Vulnerability in Emlog (CNVD-2023-9918065)

emlog is a PHP- and MySQL-based CMS builder for personal developers. Emlog pro 2.1.14 has a security vulnerability that stems from a SQL injection flaw in the uid parameter of /admin/media.php. Attackers can use this vulnerability to gain unauthorized access ...

CVSS 7.2 · AI score 8.1 · EPSS 0.0084
Exploits 1 · References 1