CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

55 matches found

Veracode•added 2024/09/18 9:40 a.m.•3 views

Deserialization Of Untrusted Data

Langchain is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused due to improper deserialization of untrusted pickle data in the FAISS.deserializefrombytes function, which allows execution of arbitrary commands via os.system...

7.8CVSS7.1AI score0.0009EPSS

Exploits1References3Affected Software1

0day.today•added 2023/03/24 12:0 a.m.•159 views

Online Graduate Tracer System - Multiple SQL injection Vulnerabilities

A Blind SQL injection vulnerability in the fill-in forms of Online Graduate Tracer System allows remote unauthenticated attackers to execute remote arbitrary SQL commands through "age" parameter. Description A Blind SQL injection vulnerability in the fill-in forms of Online Graduate Tracer System...

9AI score

Exploits0

CVE•added 2023/01/17 12:0 a.m.•110 views

CVE-2022-2251

GitLab Runner (GitLab) suffers from an OS command injection due to improper sanitization/cleanup of branch names. A user can create a specially crafted branch name and cause another user’s pipeline to execute commands in the runner as that user. Affected versions are prior to 15.3.5, 15.4 prior t...

8CVSS7.5AI score0.022EPSS

Exploits1References3Affected Software1

OSV•added 2022/11/02 4:15 p.m.•1 views

DEBIAN-CVE-2022-41716

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...

7.5CVSS6.9AI score0.00013EPSS

Exploits0References1

CNVD•added 2022/06/17 12:0 a.m.•71 views

Apache Hadoop Elevation of Privilege Vulnerability (CNVD-2022-51055)

Apache Hadoop is an open source distributed systems infrastructure from the Apache Foundation. The product is capable of distributed processing of large amounts of data and is highly reliable, scalable, and fault-tolerant. an elevation of privilege vulnerability exists in Apache Hadoop, which ste...

9CVSS3.1AI score0.02035EPSS

Exploits0References1

CNVD•added 2020/09/27 12:0 a.m.•2 views

Telmat AccessLog Code Injection Vulnerability

Telmat AccessLog is an access log monitoring product from Telmat France. The product protects public and private networks based on access logs. A code injection vulnerability exists in Telmat AccessLog versions prior to 6.0 TAL20180415, which arises from a network system or product not properly...

9CVSS7.7AI score0.01071EPSS

Exploits1References1

Cvelist•added 2020/02/24 5:42 p.m.•14 views

CVE-2019-10799

compile-sass prior to 1.0.5 allows execution of arbritary commands. The function "setupCleanupOnExitcssPath" within "dist/index.js" is executed as part of the "rm" command without any sanitization...

8.3AI score0.00432EPSS

Exploits1References2

NVD•added 2017/02/09 3:59 p.m.•19 views

CVE-2015-6024

ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIAIPADDRESS parameter...

10CVSS7.5AI score0.49289EPSS

Exploits4References6

myhack58•added 2014/02/27 12:0 a.m.•23 views

Google Chrome Developer Tools vulnerability exploit-vulnerability warning-the black bar safety net

0x00 introduction The story originated in the Chromium source code in the named InjectedScriptSource.js files, this file is responsible for the console in the command execution. Maybe a lot of people would say: 【Wait! Why is the JavaScript in charge of the command execution,Chromium/Chrome is not...

0.8AI score

Exploits0

Cvelist•added 2008/08/06 5:5 p.m.•13 views

CVE-2008-3491

SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action...

8.3AI score0.03294EPSS

Exploits1References10

OSV•added 2005/05/24 4:0 a.m.•4 views

CVE-2005-1705

gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb...

6.9AI score

Exploits0References14

Packet Storm•added 2003/10/30 12:0 a.m.•43 views

cpCommerce.exp.txt

ZH2003-31SA security advisory: file inclusion vulnerability in cpCommerce Published: 19 October 2003 Name: cpCommerce Affected Versions: 0.05f and other versions? Vendor: http://www.cpcommerce.org Issue: file inclusion vulnerability Author: Astharot at Zone-H.org Description Zone-H Security Team...

7.4AI score

Exploits0

CVE•added 2000/10/13 4:0 a.m.•59 views

CVE-2000-0002

The provided documents confirm CVE-2000-0002 affects ZBServer Pro 1.50 and describes a buffer overflow in handling a long GET request, enabling remote command execution by an attacker. The OpenVAS entries corroborate a remote overflow/DoS scenario related to too-long URLs. No product-specific rem...

10CVSS7.3AI score0.09288EPSS

Exploits0References4Affected Software1

CVE•added 2000/02/04 5:0 a.m.•44 views

CVE-2000-0046

CVE-2000-0046 is a buffer overflow vulnerability in the ICQ 99b 1.1.1.1 client that allows remote attackers to execute commands by sending a malformed URL contained in an ICQ message. The available connected documents confirm ICQ is installed on affected hosts and reference the CVE in multiple vu...

7.5CVSS5.9AI score0.04729EPSS

Exploits0References1Affected Software1

NVD•added 1996/04/18 4:0 a.m.•11 views

CVE-1999-0078

pcnfsd aka rpc.pcnfsd allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call...

1.9CVSS0.00106EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by