6674 matches found

Prion
added 2022/08/19 1:15 p.m. · 12 views

Improper access control

In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality...

CVSS 6.5 · AI score 8.7 · EPSS 0.00784
Exploits 2 · References 3 · Affected Software 1
CVE
added 2022/08/19 11:52 a.m. · 90 views

CVE-2022-35909

CVE-2022-35909 refers to Jellyfin prior to version 10.8 where the "/users" endpoint has incorrect access control for admin functionality. The publicly available documents identify this as an admin-access control flaw that could enable unauthorized admin-like access via the mentioned endpoint. The...

CVSS 8.8 · AI score 8.7 · EPSS 0.00784
Exploits 1 · References 3 · Affected Software 1
GitHub Security Blog
added 2022/08/18 7:04 p.m. · 31 views

Ethermint vulnerable to DoS through unintended Contract Selfdestruct

Vulnerability Report. Impact: Smart contract applications that make use of the selfdestruct functionality and their end-users. Classification: The vulnerability has been classified as high with a CVSS score of 8.2. It has the potential to create a denial-of-service to all contracts that can invoke t...

CVSS 8.2 · AI score 5.6 · EPSS 0.00149
Exploits 1 · References 5 · Affected Software 4
Zero Day Initiative
added 2022/08/18 12:00 a.m. · 27 views

ManageEngine NetFlow Analyzer getUserAPIKey Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of ManageEngine NetFlow Analyzer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getUserAPIKey function. The issue results from the lack of authenticati...

CVSS 9.4 · AI score 2.9 · EPSS 0.26837
Exploits 0 · References 1
Zero Day Initiative
added 2022/08/18 12:00 a.m. · 24 views

ManageEngine OpManager getUserAPIKey Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getUserAPIKey function. The issue results from the lack of authentication prio...

CVSS 9.4 · AI score 2.9 · EPSS 0.26837
Exploits 0 · References 1
Zero Day Initiative
added 2022/08/18 12:00 a.m. · 40 views

ManageEngine OpManager Plus getUserAPIKey Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of ManageEngine OpManager Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getUserAPIKey function. The issue results from the lack of authentication...

CVSS 9.4 · AI score 2.9 · EPSS 0.26837
Exploits 0 · References 1
Zero Day Initiative
added 2022/08/18 12:00 a.m. · 20 views

ManageEngine Network Configuration Manager getUserAPIKey Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of ManageEngine Network Configuration Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getUserAPIKey function. The issue results from the lack of...

CVSS 9.8 · AI score 2.9 · EPSS 0.26837
Exploits 0 · References 1
Talos
added 2022/08/16 12:00 a.m. · 31 views

HDF5 Group libhdf5 gif2h5 out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2022-1485. HDF5 Group libhdf5 gif2h5 out-of-bounds write vulnerability. August 16, 2022. CVE Number: CVE-2022-25972. Summary: An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to...

CVSS 7.8 · AI score 8.2 · EPSS 0.00077
Exploits 1
Talos
added 2022/08/16 12:00 a.m. · 40 views

WWBN AVideo cookie information disclosure vulnerability

Talos Vulnerability Report TALOS-2022-1542. WWBN AVideo cookie information disclosure vulnerability. August 16, 2022. CVE Number: CVE-2022-32777, CVE-2022-32778. Summary: An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The...

CVSS 7.5 · AI score 7.3 · EPSS 0.01123
Exploits 0
Huntr
added 2022/08/15 8:09 p.m. · 19 views

Unrestricted File Upload Allowed due to Flawed Move File Functionality

Description: Hello Team, Hope you are doing good. Due to misconfiguration in move file functionality an attacker could easily change the file extension of the uploaded malicious file disguised as .gcode file. Steps: 1. Upload a .gcode file & intercept the request as shown in the screenshots. 2...

CVSS 4.9 · AI score 0.2 · EPSS 0.00223
Exploits 1
Huntr
added 2022/08/15 1:27 p.m. · 24 views

Improper Authorization lead a user add an arbitrary agent into Team

Description: A vulnerability in the edit team function leads a user to add another user via ID to a Team, or alternatively to know the email of every user in Chatwoot. Steps to reproduce: - login to the app - navigate to the Team setting: https://app.chatwoot.com/app/accounts/id/settings/teams/list - Create new or ed...

CVSS 5.5 · AI score 6.9 · EPSS 0.00144
Exploits 1
Positive Technologies
added 2022/08/15 12:00 a.m. · 3 views

PT-2022-18838 · Sourcecodester · Sourcecodester Simple/Nice Shopping Cart Script

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple and Nice Shopping Cart Script, affected versions not specified. Description: A vulnerability has been found in the software, affecting an unknown functionality of the file /mkshope/login.php. The issue is related to the...

CVSS 6.1 · AI score 5.8 · EPSS 0.00323
Exploits 1 · References 3
Huntr
added 2022/08/09 7:50 a.m. · 25 views

Path traversal on administrative account

Description: Relative path traversal in DNN.Platform at log download functionality. Administrative account can download any system file. This could allow direct read access to files that are not meant to be accessible directly by the platform. Proof of Concept: Login as administrative user. Payload...

CVSS 3.3 · AI score 2.1 · EPSS 0.00453
Exploits 1
CNNVD
added 2022/08/09 12:00 a.m. · 1 views

Company Website CMS cross-site scripting vulnerability

Company Website CMS is a company website/CMS by Torrahclef Personal Developer. Company Website CMS suffers from a cross-site scripting vulnerability that stems from some unknown functionality in the file add-blog.php being affected, resulting in cross-site scripting, where attacks can be launched...

CVSS 6.1 · AI score 5.7 · EPSS 0.00316
Exploits 0 · References 2
Vulnrichment
added 2022/08/07 8:01 p.m. · 6 views

CVE-2022-2698 SourceCodester Simple E-Learning System search.php sql injection

A vulnerability was found in SourceCodester Simple E-Learning System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument searchPost leads to sql injection. The attack can be launched remotely. The...

CVSS 6.3 · AI score 7.6 · EPSS 0.00245
Exploits 1 · References 2
NVD
added 2022/08/06 6:15 p.m. · 7 views

CVE-2022-2691

A vulnerability, which was classified as problematic, has been found in SourceCodester Wedding Hall Booking System. Affected by this issue is some unknown functionality of the file /whbs/?page=manageaccount of the component Profile Page. The manipulation leads to cross site scripting. The attack...

CVSS 5.4 · EPSS 0.00224
Exploits 1 · References 2
OSV
added 2022/08/05 10:15 p.m. · 3 views

CVE-2022-24012

A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all...

CVSS 9.8 · AI score 7.8 · EPSS 0.0057
Exploits 1 · References 1
NVD
added 2022/08/05 10:15 p.m. · 11 views

CVE-2022-24006

A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all...

CVSS 9.8 · EPSS 0.00459
Exploits 1 · References 1
OSV
added 2022/08/05 10:15 p.m. · 2 views

CVE-2022-24008

A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all...

CVSS 9.8 · AI score 7.7 · EPSS 0.00459
Exploits 1 · References 1
Prion
added 2022/08/05 10:15 p.m. · 18 views

Buffer overflow

A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all...

CVSS 7.5 · AI score 9.6 · EPSS 0.0057
Exploits 1 · References 1 · Affected Software 1