CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

484 matches found

OSV•added 2022/05/24 3:15 p.m.•2 views

DEBIAN-CVE-2022-29217

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can...

7.5CVSS7.5AI score0.00422EPSS

Exploits0References1

OSV•added 2022/05/24 3:15 p.m.•0 views

UBUNTU-CVE-2022-29217

7.5CVSS7AI score0.00422EPSS

Exploits0References8

PyPA•added 2022/05/24 3:15 p.m.•4 views

PYSEC-2022-202

7.5CVSS9AI score0.00422EPSS

Exploits0References5Affected Software1

Positive Technologies•added 2022/05/12 12:0 a.m.•2 views

PT-2022-7130 · Pypi +4 · Pyjwt +4

Name of the Vulnerable Software and Affected Versions: PyJWT versions prior to 2.4.0 Description: The issue is related to the implementation of JWT in Python PyJWT, where an attacker can exploit the lack of restrictions on certain open key formats. This allows a remote attacker to impact the...

7.8CVSS8.1AI score0.00422EPSS

Exploits0References69

OSV•added 2022/05/05 5:15 p.m.•3 views

CVE-2022-28708

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, when a BIG-IP DNS resolver-enabled, HTTP-Explicit or SOCKS profile is configured on a virtual server, an undisclosed DNS response can cause the Traffic Management Microkernel TMM process to terminate. Note:...

5.9CVSS6.2AI score0.00462EPSS

Exploits0References1

NVD•added 2022/05/05 5:15 p.m.•13 views

CVE-2022-28708

5.9CVSS0.00462EPSS

Exploits0References1

ATTACKERKB•added 2022/05/04 2:0 p.m.•0 views

CVE-2022-28708

5.9CVSS6.3AI score0.00462EPSS

Exploits0References2Affected Software1

Krebs on Security•added 2022/04/29 7:25 p.m.•12 views

You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results

Google said this week it is expanding the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address. The move comes just months after Google rolled out a new policy enabling people under the...

0.2AI score

Exploits0

ThreatPost•added 2022/04/22 11:16 a.m.•31 views

Zero-Trust For All: A Practical Guide

While “zero-trust architecture” has become a buzz phrase, there’s plenty of confusion as to what it actually is. Is it a concept? A standard? A framework? An actual set of technology platforms? According to security experts, it’s best described as a fresh mindset for approaching cybersecurity...

7.6AI score

Exploits0References3

OSV•added 2022/04/12 7:42 p.m.•15 views

GHSA-2XXX-FHC8-9QVQ Ecto missing `is_nil` requirement

Ecto will not raise on queries with non-explicit nil comparisons ie if they aren't checked with isnil...

9.8CVSS8.3AI score0.00601EPSS

Exploits1References5

Positive Technologies•added 2022/04/12 12:0 a.m.•1 views

PT-2022-8026 · Ecto · Ecto

Name of the Vulnerable Software and Affected Versions: Ecto version 2.2.0 Description: The issue is related to a lack of protection mechanism in the interaction between is nil and raise functions. Specifically, Ecto will not raise on queries with non-explicit nil comparisons, unless they are...

9.8CVSS7.1AI score0.00601EPSS

Exploits1References12