Lucene search

470 matches found

ATTACKERKB
added 2022/05/13 8:0 p.m. | 2 views

CVE-2022-25862

This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. Note: This vulnerability derives from an incomplete fix to CVE-2020-7618...

CVSS 7.5 | AI score 6.4 | EPSS 0.00318
Exploits: 2 | References: 3

UbuntuCve
added 2022/05/12 4:15 p.m. | 34 views

CVE-2022-28919

HTMLCreator releasestable2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function generateFilename...

CVSS 6.1 | AI score 6.3 | EPSS 0.00561
Exploits: 1 | References: 3

NVD
added 2022/05/02 2:15 p.m. | 12 views

CVE-2022-28056

ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php...

CVSS 9.8 | EPSS 0.00433
Exploits: 1 | References: 1

OSV
added 2022/04/25 1:15 p.m. | 29 views

CVE-2022-28506

There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB in gif2rgb.c:298:45...

CVSS 5.5 | AI score 2.5
Exploits: 0 | References: 5

Code423n4
added 2022/04/13 12:0 a.m. | 10 views

setDebtInterestApr() doesn't accrue interest before changing it

Lines of code. Vulnerability details. Impact: Wrong interest can be charged if interest is changed without calling accrue. Proof of Concept: The function setDebtInterestApr updates the interest charged on debt without calling accrue before to compute previous interests. If someone takes debt at 2% and...

AI score 6.9
Exploits: 0

VulnCheck KEV
added 2022/04/01 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2022-25079

TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

CVSS 9.8 | AI score 7.5 | EPSS 0.05664
Exploits: 1 | References: 1

CNNVD
added 2022/02/08 12:0 a.m. | 3 views

ELECOM lan security vulnerability

ELECOM lan is a router from ELECOM Japan. ELECOM LAN routers contain a security vulnerability that stems from a hidden function. An attacker can exploit the vulnerability to execute arbitrary operating system commands over an unspecified vector on a...

CVSS 8.8 | AI score 8.3 | EPSS 0.0013
Exploits: 0 | References: 5

OSV
added 2022/01/26 5:15 p.m. | 11 views

CVE-2021-46116

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin.TemplateControllerdoInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code...

CVSS 7.2 | AI score 8
Exploits: 0 | References: 3

UbuntuCve
added 2022/01/14 12:15 a.m. | 12 views

CVE-2021-45760

GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gflistlast. This vulnerability allows attackers to cause a Denial of Service (DoS)...

CVSS 5.5 | AI score 6.8 | EPSS 0.00163
Exploits: 1 | References: 2

Debian CVE
added 2022/01/14 12:0 a.m. | 21 views

CVE-2021-45764

GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function shiftchunkoffsets.isra...

CVSS 5.5 | AI score 7.1 | EPSS 0.0031
Exploits: 1

PyPA
added 2022/01/01 12:15 a.m. | 4 views

PYSEC-2022-43148

Open Asset Import Library aka assimp 5.1.0 and 5.1.1 has a heap-based buffer overflow in m3dsafestr called from m3dload and Assimp::M3DWrapper::M3DWrapper...

CVSS 5.5 | AI score 7.5 | EPSS 0.00209
Exploits: 1 | References: 5 | Affected Software: 1

CNNVD
added 2021/12/21 12:0 a.m. | 1 views

GPAC code issue vulnerability

GPAC is an open source multimedia framework. gfdumpvrmldynfield.isra function in GPAC version 1.1.0 is vulnerable to a null pointer dereference, which can be exploited by attackers to cause segmentation errors and application crashes...

CVSS 5.5 | AI score 7.9 | EPSS 0.00138
Exploits: 1 | References: 2

Prion
added 2021/12/17 9:15 a.m. | 12 views

Authentication flaw

A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3...

CVSS 8.3 | AI score 9.2 | EPSS 0.00053
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2021/12/02 12:0 a.m. | 9 views

Unspecified vulnerability in libretime

Libretime is a radio broadcast and automation platform. libretime is vulnerable due to a naming function vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php for path manipulation. No details of the vulnerability are currently available...

CVSS 9.8 | AI score 2.1 | EPSS 0.00433
Exploits: 0 | References: 1

NVD
added 2021/11/23 10:15 p.m. | 8 views

CVE-2021-42783

Missing Authentication for Critical Function vulnerability in debugpostset.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions...

CVSS 10 | EPSS 0.00664
Exploits: 0 | References: 1

NVD
added 2021/10/22 12:15 p.m. | 11 views

CVE-2021-38467

A specific function code receives a raw pointer supplied by the user and deallocates this pointer. The user can then control what memory regions will be freed and cause use-after-free condition...

CVSS 8.1 | EPSS 0.0016
Exploits: 0 | References: 1

Debian CVE
added 2021/09/30 1:12 p.m. | 52 views

CVE-2021-41720

Removed by vendor...

AI score 7.5
Exploits: 0

OSV
added 2021/08/16 7:15 p.m. | 2 views

CVE-2021-34657

The 2TypoFR WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the text function found in the /vendor/OrgHeigl/Hyphenator/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.11...

CVSS 6.1 | AI score 5.8 | EPSS 0.0021
Exploits: 1 | References: 2

OSV
added 2021/06/03 4:15 p.m. | 0 views

CVE-2021-22313

There is a Security Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality...

CVSS 7.5 | AI score 7.1
Exploits: 0 | References: 1

Prion
added 2021/06/03 4:15 p.m. | 15 views

Security feature bypass

There is a Security Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality...

CVSS 5 | AI score 7.5 | EPSS 0.00136
Exploits: 0 | References: 1 | Affected Software: 2