CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2357 matches found

OSV•added 2022/08/04 6:15 p.m.•2 views

CVE-2022-35728

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging...

9.8CVSS5.8AI score0.0068EPSS

Exploits0References1

Prion•added 2022/08/04 6:15 p.m.•19 views

Design/Logic Flaw

7.5CVSS9.3AI score0.0068EPSS

Exploits0References1Affected Software12

ATTACKERKB•added 2022/08/03 2:0 p.m.•1 views

CVE-2022-35728

9.8CVSS7.3AI score0.0068EPSS

Exploits0References2Affected Software2

CNNVD•added 2022/08/03 12:0 a.m.•1 views

F5 BIG-IP 代码问题漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A session expiration time insufficient vulnerability exists in F5 BIG-IP iControl REST, which stems from the fact that after...

9.8CVSS6.1AI score0.0068EPSS

Exploits0References3

OSV•added 2022/08/02 2:15 p.m.•2 views

UBUNTU-CVE-2021-23385

This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...

6.1CVSS6.5AI score0.00185EPSS

Exploits1References6

Prion•added 2022/08/02 2:15 p.m.•13 views

Input validation

5.8CVSS6.2AI score0.00185EPSS

Exploits1References4

RedhatCVE•added 2022/07/28 11:9 a.m.•35 views

CVE-2022-25896

A misleading session regeneration flaw was found in passport. When a user logs in or logs out, the session is regenerated instead of being closed. This flaw allows an attacker to use a previous session in particular environments. Mitigation Mitigation for this issue is either not available or the...

4.8CVSS1.5AI score0.00164EPSS

Exploits0References4

Huntr•added 2022/07/26 1:49 a.m.•7 views

Cross-Site Request Forgery (CSRF)

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept PoC.html history.pushState'', '', '/' document.forms0.submit;...

0.1AI score

Exploits0

OSV•added 2022/07/12 10:15 a.m.•2 views

CVE-2022-33137

A vulnerability has been identified in SIMATIC MV540 H All versions V3.3, SIMATIC MV540 S All versions V3.3, SIMATIC MV550 H All versions V3.3, SIMATIC MV550 S All versions V3.3, SIMATIC MV560 U All versions V3.3, SIMATIC MV560 X All versions V3.3. The web session management of affected devices...

8CVSS5.7AI score0.00329EPSS

Exploits0References1

Veracode•added 2022/07/06 6:19 a.m.•17 views

Insecure Session

github.com/heroiclabs/nakama is vulnerable to insecure session. The vulnerability exists because session tokens on logout are not properly validated which allows an attacker to send requests with old tokens to authenticate to the application...

7.5CVSS7.2AI score0.00218EPSS

Exploits1References6Affected Software1

Huntr•added 2022/07/06 5:1 a.m.•10 views

Cross-Site Request Forgery (CSRF)

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit;...

1.9AI score

Exploits0

CNNVD•added 2022/07/05 12:0 a.m.•2 views

Nakama 代码问题漏洞

Nakama is a distributed server for social and real-time games and applications. A code issue vulnerability exists in Nakama that stems from the fact that session cookies do not expire upon logout and can therefore be used after logout...

8.2CVSS7.6AI score0.00218EPSS

Exploits1References3