CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8850 matches found

ATTACKERKB•added 2022/04/04 8:15 p.m.•5 views

CVE-2022-1120

Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration...

6.5CVSS6.5AI score0.00987EPSS

Exploits0References4Affected Software1

OSV•added 2022/04/04 8:15 p.m.•0 views

UBUNTU-CVE-2022-1120

6.5CVSS5.8AI score0.00987EPSS

Exploits0References5

Positive Technologies•added 2022/04/04 12:0 a.m.•2 views

PT-2022-13670 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 14.7.7 GitLab CE/EE versions 14.8 prior to 14.8.5 GitLab CE/EE versions 14.9 prior to 14.9.2 Description: The issue concerns missing filtering in an error message, which exposes sensitive information when an...

6.5CVSS6.2AI score0.00987EPSS

Exploits0References10

Veracode•added 2022/04/01 3:24 a.m.•16 views

Command Injection

asciidoctor-include-ext is vulnerable to Command Injection. The library renders user-supplied input in AsciiDoc markup, which allows an attacker to execute arbitrary system commands on the host operating system when the allow-uri-read is disabled...

10CVSS9.7AI score0.02719EPSS

Exploits1References3Affected Software2

NVD•added 2022/04/01 12:15 a.m.•21 views

CVE-2022-24803

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible...

10CVSS0.02719EPSS

Exploits1References3

OSV•added 2022/04/01 12:15 a.m.•1 views

DEBIAN-CVE-2022-24803

9.8CVSS8.9AI score0.02719EPSS

Exploits1References1

UbuntuCve•added 2022/04/01 12:15 a.m.•28 views

CVE-2022-24803

10CVSS7.2AI score0.02719EPSS

Exploits1References6

Prion•added 2022/04/01 12:15 a.m.•11 views

Design/Logic Flaw

10CVSS9.6AI score0.02719EPSS

Exploits1References3Affected Software1

OSV•added 2022/04/01 12:15 a.m.•1 views

UBUNTU-CVE-2022-24803

10CVSS6AI score0.02719EPSS

Exploits1References7

CNNVD•added 2022/04/01 12:0 a.m.•12 views

GitLab Community Edition和GitLab Enterprise Edition 信息泄露漏洞

GitLab Enterprise Edition is a content management system.GitLab Community Edition is a community edition of GitLab by GitLab, Inc. An information disclosure vulnerability exists in GitLab Community Edition CE and Enterprise Edition EE due to a lack of filtering in error messages. When the include...

6.5CVSS6.5AI score0.00987EPSS

Exploits0References7

Cvelist•added 2022/03/31 11:30 p.m.•27 views

CVE-2022-24803 Command Injection vulnerability in asciidoctor-include-ext

10CVSS9.9AI score0.02719EPSS

Exploits1References3

CVE•added 2022/03/31 11:30 p.m.•114 views

CVE-2022-24803

CVE-2022-24803 concerns the Asciidoctor-include-ext extension (pre-0.4.0) that processes user-supplied input in AsciiDoc. The root cause is a command-injection risk in the include extension, allowing arbitrary system commands on the host OS, even when allow-uri-read is disabled. The issue is miti...

10CVSS9.7AI score0.02719EPSS

Exploits1References3Affected Software1

OSV•added 2022/03/31 11:30 p.m.•20 views

CVE-2022-24803 Command Injection vulnerability in asciidoctor-include-ext

10CVSS9.3AI score0.02719EPSS

Exploits1References5

Debian CVE•added 2022/03/31 11:30 p.m.•30 views

CVE-2022-24803

10CVSS9.7AI score0.02719EPSS

Exploits1

Snyk•added 2022/03/31 11:27 p.m.•1 views

Command Injection

Overview asciidoctor-include-ext is a reimplementation of the Asciidoctor's built-in preprocessor for the include:: directive in extensible and more clean way. Affected versions of this package are vulnerable to Command Injection. Applications using Asciidoctor with asciidoctor-include-ext, which...

10CVSS7.6AI score0.02719EPSS

Exploits1References2

OSV•added 2022/03/31 11:27 p.m.•20 views

GHSA-V222-6MR4-QJ29 Command Injection vulnerability in asciidoctor-include-ext

Impact Applications using Asciidoctor Ruby with asciidoctor-include-ext prior to version 0.4.0, which render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when allow-uri-read is disable...

10CVSS9.6AI score0.02719EPSS

Exploits1References6

CNNVD•added 2022/03/31 12:0 a.m.•1 views

Asciidoctor 操作系统命令注入漏洞

Asciidoctor is a text processor written in Ruby by the Asciidoctor organization. The product supports converting AsciiDoc content to HTML5, DocBook, and other formats. An operating system command injection vulnerability exists in versions prior to Asciidoctor-include-ext 0.4.0 that could allow an...

10CVSS8.8AI score0.02719EPSS

Exploits1References5

0day.today•added 2022/03/31 12:0 a.m.•219 views

COMPIE CMS Leado Local File Include Vulnerability

Exploit Title: COMPIE CMS Leado Local File Include Google Dork: /index.php?pathAjax= Date: 3/30/2022 Exploit Author: iranhack Security Team Vendor Homepage: iranhack.com Software Link: http://www.compie.co.il/ Version: V.1.0 Tested on: KaliLinux,windows 10 Local File Include...

0.2AI score

Exploits0

RubySec•added 2022/03/31 12:0 a.m.•17 views

Command Injection vulnerability in asciidoctor-include-ext

10CVSS7.6AI score0.02719EPSS

Exploits1References1Affected Software1

Packet Storm•added 2022/03/23 12:0 a.m.•229 views

WordPress Amministrazione Aperta 3.7.3 Arbitrary File Read

Exploit Title: WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated Google Dork: inurl:/wp-content/plugins/amministrazione-aperta/ Date: 23-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/amministrazione-aperta/...

0.3AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by