9453 matches found

ICS
added 2024/08/13 6:00 a.m. · 9 views

Rockwell Automation Pavilion8

1. EXECUTIVE SUMMARY: CVSS v4 5.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Rockwell Automation. Equipment: Pavilion8. Vulnerability: Missing Encryption of Sensitive Data. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to...

CVSS 7.5 · AI score 6.3 · EPSS 0.00121
Exploits: 0 · References: 10

Positive Technologies
added 2024/08/11 12:00 a.m. · 3 views

PT-2024-38504 · Unknown · Code-Projects Job Portal

Name of the Vulnerable Software and Affected Versions: code-projects Job Portal version 1.0. Description: A critical issue affects the processing of the file rw i nat.php, where the manipulation of the id argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For...

CVSS 9.8 · AI score 8.1 · EPSS 0.00181
Exploits: 1 · References: 9

OSV
added 2024/08/01 9:16 p.m. · 1 view

CVE-2024-7367

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Realtime Quiz System 1.0. This affects an unknown part of the file /ajax.php?action=saveuser. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit...

CVSS 8.8 · AI score 4.9
Exploits: 0 · References: 4

Rapid7 Blog
added 2024/08/01 1:30 p.m. · 7 views

New Cloud Risk Dashboard: Identifying Toxic Combinations to Drive Faster Remediation

Co-authored by Andrea Ruddy. Risks identified within a cloud environment compound to represent a real threat of exploitation. Our cloud risk scoring, introduced recently to insightCloudSec, focuses on these toxic combinations. Toxic combinations are attractive for bad actors who can target multipl...

AI score 7.7
Exploits: 0

ICS
added 2024/08/01 6:00 a.m. · 36 views

Rockwell Automation Logix Controllers

1. EXECUTIVE SUMMARY: CVSS v4 7.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Rockwell Automation. Equipment: ControlLogix, GuardLogix, and 1756 ControlLogix I/O Modules. Vulnerability: Unprotected Alternate Channel. 2. RISK EVALUATION: Successful exploitation of this...

CVSS 7.3 · AI score 7 · EPSS 0.00118
Exploits: 0 · References: 10

Positive Technologies
added 2024/07/30 12:00 a.m. · 2 views

PT-2024-36430 · Aruba Networks · Clearpass Policy Manager

Name of the Vulnerable Software and Affected Versions: ClearPass Policy Manager (affected versions not specified). Description: A vulnerability exists in ClearPass Policy Manager that allows an attacker with administrative privileges to access sensitive information in a cleartext format. A successfu...

CVSS 5.8 · AI score 6.8 · EPSS 0.00402
Exploits: 0 · References: 5

ICS
added 2024/07/25 6:00 a.m. · 11 views

Positron Broadcast Signal Processor

1. EXECUTIVE SUMMARY: CVSS v4 8.7. ATTENTION: Exploitable remotely/low attack complexity/public exploits are available. Vendor: Positron S.R.L. Equipment: Broadcast Signal Processor TRA7005. Vulnerability: Authentication Bypass Using an Alternate Path or Channel. 2. RISK EVALUATION...

CVSS 9.8 · AI score 9.9 · EPSS 0.00076
Exploits: 0 · References: 10

The Hacker News
added 2024/07/25 5:30 a.m. · 35 views

CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition. "A cyber threat actor could exploit one of...

CVSS 7.5 · AI score 7.3 · EPSS 0.43701
Exploits: 0

Tenable Nessus
added 2024/07/24 12:00 a.m. · 21 views

Photon OS 3.0: Elfutils PHSA-2023-3.0-0643

An update of the elfutils package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0643. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...

CVSS 5.5 · AI score 6.3 · EPSS 0.0002
Exploits: 1 · References: 2

Veracode
added 2024/07/19 2:06 p.m. · 27 views

Server-side Request Forgery (SSRF)

org.apache.cxf:cxf-rt-rs-service-description is vulnerable to Server-side Request Forgery (SSRF). The vulnerability is due to insufficient validation of the stylesheetReference and path parameters, which can be exploited by an attacker to perform SSRF style attacks. Note that this vulnerability is...

CVSS 9.1 · AI score 6.8 · EPSS 0.00544
Exploits: 0 · References: 7 · Affected Software: 1

RedhatCVE
added 2024/07/18 12:30 p.m. · 21 views

CVE-2024-21160

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4.9 · AI score 5.9 · EPSS 0.00218
Exploits: 0 · References: 4

RedhatCVE
added 2024/07/18 9:57 a.m. · 31 views

CVE-2024-21135

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 4.9 · AI score 6 · EPSS 0.00218
Exploits: 0 · References: 4

NVD
added 2024/07/16 11:15 p.m. · 23 views

CVE-2024-21183

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic...

CVSS 7.5 · EPSS 0.0075
Exploits: 0 · References: 1

OSV
added 2024/07/16 11:15 p.m. · 24 views

CVE-2024-21177

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 6.5 · AI score 6.5
Exploits: 0 · References: 2

NVD
added 2024/07/16 11:15 p.m. · 35 views

CVE-2024-21177

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 6.5 · EPSS 0.00422
Exploits: 0 · References: 2

OSV
added 2024/07/16 11:15 p.m. · 14 views

CVE-2024-21170

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successfu...

CVSS 6.3 · AI score 5.5
Exploits: 0 · References: 1

NVD
added 2024/07/16 11:15 p.m. · 21 views

CVE-2024-21171

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 6.5 · EPSS 0.00278
Exploits: 0 · References: 2

NVD
added 2024/07/16 11:15 p.m. · 20 views

CVE-2024-21170

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successfu...

CVSS 6.3 · EPSS 0.0013
Exploits: 0 · References: 1

OSV
added 2024/07/16 11:15 p.m. · 15 views

CVE-2024-21173

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4.9 · AI score 4.9
Exploits: 0 · References: 2

OSV
added 2024/07/16 11:15 p.m. · 17 views

CVE-2024-21162

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 4.9 · AI score 5.8
Exploits: 0 · References: 2