2357 matches found
Simmeth System Supplier Manager Authorization Issue Vulnerability
Simmeth System Supplier Manager, a supply chain software from Simmeth System, Germany, is vulnerable to a session management error in versions prior to Simmeth System Supplier Manager 5.6. The vulnerability stems from credentials not being cleared from local storage after logging out, which could...
ZoneMinder Cross-Site Scripting Vulnerability
ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, among others. A security vulnerability exists in ZoneMinder version 1.36.12, which stems from a stored cross-site scripting (XSS) issue that allows an attacker to execute HTM...
CVE-2022-30768
A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin or non-Admin user who can see other users logged into the platform clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 an...
CVE-2022-40230
IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235532...
CVE-2022-40230
Summary of CVE-2022-40230 (IBM MQ Appliance): The issue arises because IBM MQ Appliance versions 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS do not invalidate sessions after logout, enabling an authenticated user to impersonate another user on the system. The IBM advisory specifies affected versions an...
PT-2022-25297 · IBM · IBM MQ Appliance
Name of the Vulnerable Software and Affected Versions: IBM MQ Appliance versions 9.2 CD through 9.3 LTS Description: The issue allows an authenticated user to impersonate another user on the system because it does not invalidate the session after logout. Recommendations: For IBM MQ Appliance...
CVE-2022-39355 Discourse Patreon vulnerable to improper validation of email during Patreon authentication
Discourse Patreon enables synchronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim's forum account. This vulnerability is patched in commit number...
IBM MQ Appliance Code Issue Vulnerability
The IBM MQ Appliance is an all-in-one appliance for rapid deployment of enterprise-class messaging middleware from International Business Machines (IBM). A security vulnerability exists in the IBM MQ Appliance that stems from not invalidating a session after logging out, which could allow an...
Multiple Siemens Products Access Control Error Vulnerabilities
Siemens SICAM is an integrated substation automation system from Siemens Germany. An access control error vulnerability exists in several Siemens products. The vulnerability stems from the fact that the affected device accepts a user-defined session cookie and does not update the session cookie...
PT-2022-20302 · Unknown +2 · ZoneMinder +2
Name of the Vulnerable Software and Affected Versions: ZoneMinder version 1.36.12 Description: A Stored Cross Site Scripting (XSS) issue allows an attacker to execute HTML or JavaScript code via the Username field when an Admin or non-Admin user who can see other users logged into the platform...
CVE-2022-34334
IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 229704...
CVE-2022-34334
Summary: IBM Sterling Partner Engagement Manager (version 2.0) is affected by an authentication/session management vulnerability that allows an authenticated user to impersonate another user after logout. The issue arises from not invalidating the session, enabling session reuse. Affected produc...
CVE-2022-41291
IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699...
CVE-2022-39875
Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to perform unauthorized logout...
CVE-2022-39874
Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to perform unauthorized logout...