
6678 matches found

Code423n4
added 2023/03/07 12:0 a.m., 12 views

LUSDT non-compliance with the EIP-2612 standard

Lines of code Vulnerability details Impact Inability to integrate LUSDT into contracts of other services where the DOMAINSEPARATOR is used or strict adherence to the EIP2612 standard is required. Various network analyzers that automatically determine the type of contracts will not be able to...

6.7 AI score
Exploits 0
Cvelist
added 2023/03/03 11:47 p.m., 17 views

CVE-2023-26487 Vega has cross-site scripting vulnerability in `lassoAppend` function

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. `lassoAppend` function accepts 3 arguments and internally invokes push function on the 1st argument specifying array consisting of 2nd and 3rd arguments as push call argument...

6.5 CVSS, 6.2 AI score, 0.00354 EPSS
Exploits 1, References 3
NVD
added 2023/03/03 11:15 p.m., 7 views

CVE-2023-26047

teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used...

6.5 CVSS, 6.5 AI score, 0.00279 EPSS
Exploits 0, References 3
OSV
added 2023/03/03 10:44 p.m., 25 views

CVE-2023-26047 teler-waf contains detection rule bypass via entities payload

teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used...

6.5 CVSS, 6.3 AI score, 0.00279 EPSS
Exploits 0, References 5
Citrix
added 2023/03/02 12:0 a.m., 11 views

workspace cannot find a valid smart card certificate

Workspace App gives error "cannot find a valid smart card certificate". This works via Browser but not via Workspace App...

7.1 AI score
Exploits 0
NVD
added 2023/03/01 8:15 a.m., 14 views

CVE-2023-20014

A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DNS requests. An attacker could exploit this vulnerability by sending a...

7.5 CVSS, 7.6 AI score, 0.00376 EPSS
Exploits 0, References 1
Prion
added 2023/03/01 8:15 a.m., 18 views

Race condition

A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DNS requests. An attacker could exploit this vulnerability by sending a...

5 CVSS, 7.6 AI score, 0.00376 EPSS
Exploits 0, References 1, Affected Software 1
0day.today
added 2023/02/28 12:0 a.m., 356 views

WordPress Real Estate 7 Theme 3.3.4 Abuse Of Functionality Vulnerability

==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress Real Estate 7 Theme = 3.3.4 - Abuse of Functionality Google Dork: inurl:/wp-content/themes/realestate-7/ Research Date: 2023-02-10 Researcher: FearZzZz https://fearzzzz.ru Component...

0.1 AI score
Exploits 0
Tenable Nessus
added 2023/02/28 12:0 a.m., 68 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : curl vulnerabilities (USN-5891-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5891-1 advisory. Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested serially. A remote attacker...

9.1 CVSS, 6.5 AI score, 0.00108 EPSS
Exploits 2, References 4
Packet Storm
added 2023/02/28 12:0 a.m., 388 views

WordPress Real Estate 7 Theme 3.3.4 Abuse Of Functionality

==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress Real Estate 7 Theme = 3.3.4 - Abuse of Functionality Google Dork: inurl:/wp-content/themes/realestate-7/ Research Date: 2023-02-10 Researcher: FearZzZz https://fearzzzz.ru Component...

7.4 AI score
Exploits 0
RedhatCVE
added 2023/02/27 2:59 p.m., 54 views

CVE-2022-20566

A use-after-free flaw was found in the Linux kernel's Bluetooth functionality. A user could trigger a race condition while closing the connection. This issue may allow a local user to crash or potentially escalate their privileges on the system. Mitigation The only way to mitigate these...

7.8 CVSS, 0.9 AI score, 0.00022 EPSS
Exploits 0, References 4
OSSF Malicious Packages
added 2023/02/25 11:48 p.m., 3 views

Malicious code in esqosintstudymine (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 6774622c93bd8022ccf9bec68275428604f1a5948cb589cf2fd5299cc61e5464 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

7 AI score
Exploits 0, References 1
OSV
added 2023/02/24 9:15 a.m., 1 view

CVE-2023-1005

A vulnerability was found in JP1016 Markdown-Electron and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to code injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Continuous delivery...

7.8 CVSS, 5.9 AI score
Exploits 0, References 3
Prion
added 2023/02/23 8:15 p.m., 24 views

Design/Logic Flaw

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

6.4 CVSS, 7.3 AI score, 0.00039 EPSS
Exploits 0, References 3, Affected Software 2
Prion
added 2023/02/23 8:15 p.m., 29 views

Design/Logic Flaw

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is...

6.4 CVSS, 7.4 AI score, 0.00108 EPSS
Exploits 1, References 3, Affected Software 2
OSV
added 2023/02/23 12:15 p.m., 1 view

CVE-2023-0982

A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Add Class Entry. The manipulation of the argument id leads to sql injection. The attack can be launched...

9.8 CVSS, 6.6 AI score, 0.0027 EPSS
Exploits 2, References 2
Vulnrichment
added 2023/02/23 12:0 a.m., 3 views

CVE-2023-23914

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is...

9.1 AI score, 0.00108 EPSS
Exploits 1, References 3
Cvelist
added 2023/02/23 12:0 a.m., 25 views

CVE-2023-23914

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is...

9.2 AI score, 0.00108 EPSS
Exploits 1, References 3
Cvelist
added 2023/02/23 12:0 a.m., 34 views

CVE-2023-23915

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

7.7 AI score, 0.00039 EPSS
Exploits 0, References 3
AlpineLinux
added 2023/02/23 12:0 a.m., 39 views

CVE-2023-23915

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

6.5 CVSS, 7.7 AI score, 0.00039 EPSS
Exploits 0