
1754 matches found

SUSE CVE
added 2023/02/15 4:11 a.m. · 1 view

SUSE CVE-2019-12523

An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers,...

CVSS 7.4 · AI score 6.9 · EPSS 0.00618
Exploits 0 · References 11

SUSE CVE
added 2023/02/15 4:1 a.m. · 1 view

SUSE CVE-2020-7943

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...

CVSS 7.5 · AI score 8.6 · EPSS 0.65366
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:1 a.m. · 1 view

SUSE CVE-2020-8562

As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a...

CVSS 2.2 · AI score 5.2 · EPSS 0.00056
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:1 a.m. · 1 view

SUSE CVE-2020-8558

The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally...

CVSS 5.4 · AI score 6.8 · EPSS 0.20149
Exploits 5 · References 3

SUSE CVE
added 2023/02/15 3:47 a.m. · 1 view

SUSE CVE-2021-20199

Rootless containers run with Podman receive all traffic with a source IP address of 127.0.0.1, including from remote hosts. This impacts containerized applications that trust localhost 127.0.0.1 connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards...

CVSS 3.7 · AI score 6.9 · EPSS 0.00134
Exploits 1 · References 17

SUSE CVE
added 2023/02/15 3:40 a.m. · 1 view

SUSE CVE-2021-34337

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attacke...

CVSS 7.4 · AI score 7.1 · EPSS 0.00207
Exploits 0 · References 3

OSV
added 2023/02/01 4:15 a.m. · 4 views

CVE-2022-4062

A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission Versions prior to V2.25...

CVSS 7.8 · AI score 5.8 · EPSS 0.00054
Exploits 0 · References 1

Prion
added 2023/02/01 4:15 a.m. · 16 views

Authorization

A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission Versions prior to V2.25...

CVSS 4.3 · AI score 7.5 · EPSS 0.00054
Exploits 0 · References 1 · Affected Software 1

Kitploit
added 2023/01/30 11:30 a.m. · 40 views

DFShell - The Best Forwarded Shell

D3Ext's...

AI score 7.5
Exploits 0 · References 4

UbuntuCve
added 2023/01/27 6:15 p.m. · 36 views

CVE-2022-4335

A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host...

CVSS 4.3 · AI score 5.9 · EPSS 0.00368
Exploits 1 · References 4

OSV
added 2023/01/27 12:0 a.m. · 19 views

CVE-2022-4335

A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host...

CVSS 4.3 · AI score 4.2 · EPSS 0.00368
Exploits 1 · References 5

Tenable Nessus
added 2023/01/23 12:0 a.m. · 25 views

RHEL 7 / 8 : OpenShift Container Platform 4.3.31 openshift (RHSA-2020:3183)

The remote Red Hat Enterprise Linux 7 / 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:3183 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clo...

CVSS 8.8 · AI score 6.8 · EPSS 0.20149
Exploits 5 · References 5

Prion
added 2023/01/02 8:15 p.m. · 10 views

Input validation

kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured...

CVSS 4 · AI score 6.5 · EPSS 0.0021
Exploits 0 · References 2 · Affected Software 1

wpexploit
added 2022/12/23 12:0 a.m. · 108 views

MashShare < 3.8.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit:...

CVSS 5.4 · AI score 1 · EPSS 0.00252
Exploits 2

RedHat Linux
added 2022/12/14 1:15 p.m. · 3 views

quarkus_dev_ui: Dev UI Config Editor is vulnerable to drive-by localhost attacks leading to RCE

A vulnerability was found in quarkus. This issue occurs in Dev UI Config Editor, which is vulnerable to drive-by localhost attacks leading to remote code execution...

CVSS 9.8 · AI score 6.1 · EPSS 0.029
Exploits 0 · References 4

RedHat Linux
added 2022/12/13 1:20 p.m. · 4 views

quarkus_dev_ui: Dev UI Config Editor is vulnerable to drive-by localhost attacks leading to RCE

A vulnerability was found in quarkus. This issue occurs in Dev UI Config Editor, which is vulnerable to drive-by localhost attacks leading to remote code execution...

CVSS 9.8 · AI score 6.1 · EPSS 0.029
Exploits 0 · References 4

Positive Technologies
added 2022/12/13 12:0 a.m. · 3 views

PT-2022-6395 · Schneider Electric · Ecostruxure Power Commission

Name of the Vulnerable Software and Affected Versions: EcoStruxure Power Commission versions prior to V2.25 Description: A vulnerability exists that could cause unauthorized access to certain software functions when an attacker gains access to the localhost interface of the EcoStruxure Power...

CVSS 7.8 · AI score 7.4 · EPSS 0.00054
Exploits 0 · References 7

0day.today
added 2022/12/13 12:0 a.m. · 254 views

Judging Management System 1.0 SQL Injection Vulnerability

Judging Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Exploit Title: Judging Management System v1.0 - Authentication Bypass Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

AI score 0.2
Exploits 0

wpexploit
added 2022/12/05 12:0 a.m. · 79 views

Contest Gallery < 19.1.5.1 - Author+ SQL Injection

The plugins do not escape the cgid POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php?page=/index.php&editgallery=1&wpmad...

CVSS 6.5 · AI score 0.2 · EPSS 0.00978
Exploits 2 · References 1

wpexploit
added 2022/12/05 12:0 a.m. · 104 views

Contest Gallery Pro < 19.1.5 - Admin+ SQL Injection

The plugin does not escape the wpuserid GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with at least administrator privileges, i.e. on multisite WordPress configurations, to leak sensitive information from the site's database. POST...

CVSS 4.9 · AI score 0.8 · EPSS 0.00846
Exploits 2 · References 1