276 matches found

Debian CVE
added 2022/10/17 12:0 a.m., 81 views

CVE-2022-2455

Removed by vendor...

CVSS 6.5, AI score 6.6, EPSS 0.0019
Exploits: 0

NVD
added 2022/10/11 8:15 p.m., 12 views

CVE-2020-14129

A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege...

CVSS 9.8, EPSS 0.00504
Exploits: 0, References: 1

Prion
added 2022/10/11 8:15 p.m., 12 views

Privilege escalation

A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege...

CVSS 7.5, AI score 9.3, EPSS 0.00504
Exploits: 0, References: 1

Cvelist
added 2022/10/11 12:0 a.m., 17 views

CVE-2020-14129

A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege...

AI score 9.4, EPSS 0.00504
Exploits: 0, References: 1

CVE
added 2022/10/11 12:0 a.m., 35 views

CVE-2020-14129

CVE-2020-14129 concerns a logic vulnerability in a Xiaomi product due to an identity verification failure that enables a brief elevation of privileges. The NVD entry rates it CVSS v3.1 as 9.8 (CRITICAL): attack vector NETWORK, attack complexity LOW, privileges required NONE, user interaction NONE...

CVSS 9.8, AI score 9.2, EPSS 0.00504
Exploits: 0, References: 1, Affected Software: 1

Code423n4
added 2022/08/27 12:0 a.m., 14 views

Voting signature malleability of EVM's ecrecover in castVoteBySig

Lines of code Vulnerability details Proof of Concept EVM's ecrecover is susceptible to signature malleability which allows replay attacks, but that is mitigated here by doing receipt.hasVoted = true;. However, if any of the application logic changes, it might make signature malleability a risk fo...

AI score 6.9
Exploits: 0

Vulnrichment
added 2022/08/19 10:32 p.m., 4 views

CVE-2022-2789

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insufficient Verification of Data Authenticity, and can display logic that is different than the compiled logic...

CVSS 4.7, AI score 6.8, EPSS 0.00031
Exploits: 0, References: 1

Prion
added 2022/07/01 8:15 p.m., 22 views

Design/Logic Flaw

All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation function, due to the usage of insecure regex...

CVSS 5, AI score 7.4, EPSS 0.00493
Exploits: 1, References: 3

Huntr
added 2022/06/17 4:39 p.m., 14 views

Privilege Escalation via edit response body

Description: Recently, I found a business logic vulnerability, and this vulnerability allows a reader user to perform privilege escalation on allaccess user. Because before the user performs any function, the client side will perform an OPTIONS request to view the user permission with the specified function via the response body. I...

AI score 0.6
Exploits: 0

Prion
added 2022/06/07 6:15 p.m., 16 views

Input validation

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash...

CVSS 5, AI score 5.2, EPSS 0.00057
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2022/06/07 6:15 p.m., 13 views

Input validation

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash...

CVSS 5, AI score 5.3, EPSS 0.00057
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2022/06/07 5:58 p.m., 71 views

CVE-2022-30721

The CVE-2022-30721 entry concerns a vulnerability in libsmkvextractor. Description: an improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1, which allows an attacker to trigger a crash. Connected sources corroborate a Samsung/Android context and ...

CVSS 5.3, AI score 5.2, EPSS 0.00057
Exploits: 0, References: 1, Affected Software: 1

GitHub Security Blog
added 2022/05/24 5:30 p.m., 21 views

Always-Incorrect Control Flow Implementation in Facebook Hermes

A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable i...

CVSS 9.8, AI score 9.3, EPSS 0.01402
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2022/05/24 5:30 p.m., 27 views

GHSA-327C-QX3V-H673 Always-Incorrect Control Flow Implementation in Facebook Hermes

A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable i...

CVSS 9.8, AI score 9.6, EPSS 0.01402
Exploits: 0, References: 5

RedhatCVE
added 2022/05/20 10:29 p.m., 21 views

CVE-2020-1914

A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable i...

CVSS 9.8, AI score 4.7, EPSS 0.01402
Exploits: 0, References: 1

Prion
added 2022/04/21 6:15 p.m., 11 views

Code injection

A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation...

CVSS 2.1, AI score 5.4, EPSS 0.00047
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2022/04/21 5:25 p.m., 40 views

CVE-2020-14121

The CVE-2020-14121 issue affects Xiaomi Mi App Store. Affected component: the store’s business logic with incomplete product permission checks, allowing bypass and a local silent installation. Root cause: insufficient permission enforcement enables an attacker to install without user-visible prom...

CVSS 5.5, AI score 5.4, EPSS 0.00047
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2022/04/05 4:15 p.m., 17 views

Design/Logic Flaw

An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, which allows attackers to launch symlink attacks locally...

CVSS 7.2, AI score 7.4, EPSS 0.0016
Exploits: 1, References: 1, Affected Software: 1

CNVD
added 2022/03/25 12:0 a.m., 9 views

Huawei Smartphone Business Logic Error Vulnerability

Huawei Smartphone is a cell phone product launched by Huawei. Huawei Smartphone is vulnerable to a business logic error. The vulnerability stems from a service logic vulnerability in a module in HarmonyOS version 2.0. An attacker could exploit the vulnerability to cause a persistent denial of...

AI score 2.7
Exploits: 0, Affected Software: 1

Prion
added 2022/03/23 10:15 p.m., 11 views

Design/Logic Flaw

OpenEMR v6.0.0 was discovered to contain an incorrect access control issue...

CVSS 4, AI score 4.9, EPSS 0.00369
Exploits: 0, References: 3, Affected Software: 1