CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2734 matches found

RedHat Linux•added 2023/07/31 9:36 a.m.•5 views

nodejs: mainModule.proto bypass experimental policy mechanism

A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition...

7.5CVSS7.1AI score0.00018EPSS

Exploits0References4

CNNVD•added 2023/07/31 12:0 a.m.•3 views

D-Link DIR-645 安全漏洞

The D-Link DIR-645 is a wireless router from the Chinese company D-Link. A security vulnerability exists in the D-Link DIR-645 that originates from an authentication bypass via the phpcgimain function in cgibin...

9.8CVSS8.4AI score0.00356EPSS

Exploits0References3

Positive Technologies•added 2023/07/31 12:0 a.m.•3 views

PT-2023-4061 · D Link · D-Link Dir-895

Name of the Vulnerable Software and Affected Versions: D-Link DIR-895 version FW102b07 Description: The issue is related to a function called phpcgi main in the D-Link DIR-895 router's firmware, which has weaknesses in its authentication procedure. This can be exploited by a remote attacker to ga...

9.8CVSS7.7AI score0.00356EPSS

Exploits0References11

CNNVD•added 2023/07/31 12:0 a.m.•2 views

D-Link DIR-859 安全漏洞

The D-Link DIR-859 is a wireless router from China's AUO D-Link. The D-Link DIR-859 suffers from an authentication bypass vulnerability that stems from a lack of valid authentication in phpcgimain, which can be exploited by an attacker to bypass authentication...

9.8CVSS7.1AI score0.00372EPSS

Exploits0References3

Positive Technologies•added 2023/07/31 12:0 a.m.•2 views

PT-2023-4037 · D Link · D-Link Dir-859

Name of the Vulnerable Software and Affected Versions: D-Link DIR-859 versions FW105b03 Description: The issue is related to an authentication bypass in the D-Link DIR-859 router's firmware, specifically affecting the phpcgi main function. This allows remote attackers to gain escalated privileges...

9.8CVSS5.9AI score0.00372EPSS

Exploits0References7

CNNVD•added 2023/07/31 12:0 a.m.•3 views

D-Link DIR-895 安全漏洞

The D-Link DIR-895 is a wireless router from China's AUO D-Link. The D-Link DIR-895 suffers from an authentication bypass vulnerability that stems from the lack of valid authentication in the phpcgimain function in cgibin, which can be exploited by an attacker to bypass authentication...

9.8CVSS7.1AI score0.00356EPSS

Exploits0References3

BDU FSTEC•added 2023/07/20 12:0 a.m.•1 views

The vulnerability in the main() function of the cli/wvunpack.c component of the WavPack audio codec allows a hacker to cause a service failure.

The vulnerability of the main function in the cli/wvunpack.c component of the WavPack audio codec is related to pointer arithmetic errors. Exploiting this vulnerability allows an attacker to cause a service failure by using a specially created file...

5.5CVSS5.7AI score0.00029EPSS

Exploits1References7Affected Software3

The Hacker News•added 2023/07/17 5:17 a.m.•32 views

CERT-UA Uncovers Gamaredon's Rapid Data Exfiltration Tactics Following Initial Compromise

The Russia-linked threat actor known as Gamaredon has been observed conducting data exfiltration activities within an hour of the initial compromise. "As a vector of primary compromise, for the most part, emails and messages in messengers Telegram, WhatsApp, Signal are used, in most cases, using...

7.2AI score

Exploits0

OSV•added 2023/07/13 12:15 a.m.•3 views

CVE-2023-21248

In getAvailabilityStatus of WifiScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

7.8CVSS5.9AI score0.00003EPSS

Exploits0References2

Positive Technologies•added 2023/07/13 12:0 a.m.•2 views

PT-2023-9362 · Stb Image +3 · Stb Image +3

Name of the Vulnerable Software and Affected Versions: stb image affected versions not specified Description: The issue is related to the stbi load gif from memory component of the stb image library, which is a single file MIT licensed library for processing images. If stbi load gif main fails, i...

9.8CVSS6.8AI score0.00192EPSS

Exploits1References39

CNNVD•added 2023/07/13 12:0 a.m.•7 views

Auto-GPT 代码注入漏洞

Auto-GPT is an artificial intelligence software agent program open-sourced by Significant Gravitas. A code injection vulnerability exists in versions of Auto-GPT prior to 0.4.3, which stems from the ability to achieve arbitrary code execution on a host running Auto-GPT by overwriting...

7.8CVSS8.1AI score0.0007EPSS

Exploits0References3

Positive Technologies•added 2023/07/13 12:0 a.m.•2 views

PT-2023-9364 · Stb Image +3 · Stb Image +3

Name of the Vulnerable Software and Affected Versions: stb image affected versions not specified Description: The issue is related to a double-free memory error in the stbi load gif main component of the stb image library. This can be triggered by a crafted image file, potentially allowing a remo...

10CVSS7.2AI score0.00192EPSS

Exploits1References37

Huntr•added 2023/07/05 12:33 p.m.•27 views

XSS vulnerabilities via various embeds

Description JSFiddle, Gliffy, Otter and Tldraw embeds lack sufficient input validation. Every one of them can be abused to achieve a stored XSS on a main application domain. This XSS triggers for everyone viewing the document. Proof of Concept PoC file is different for each vulnerable embed. See...

4.9CVSS6.3AI score0.00139EPSS

Exploits1

AlpineLinux•added 2023/07/05 8:52 a.m.•24 views

CVE-2023-37202

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13...

8.8CVSS8.4AI score0.00651EPSS

Exploits0

Amazon•added 2023/06/28 12:0 a.m.•3 views

Important: kernel-livepatch-4.14.313-235.533

Issue Overview: dotlsgetsockopt in net/tls/tlsmain.c in the Linux kernel through 6.2.6 lacks a locksock call, leading to a race condition with a resultant use-after-free or NULL pointer dereference. CVE-2023-28466 Affected Packages: kernel-livepatch-4.14.313-235.533 Issue Correction: Please ensur...

7CVSS6.8AI score0.00021EPSS

Exploits0

BDU FSTEC•added 2023/06/25 12:0 a.m.•2 views

The vulnerability of the decode_main_header() function (libavformat/nutdec.c) in the FFmpeg multimedia library allows a attacker to cause a service failure.

The vulnerability of the decodemainheader function libavformat/nutdec.c in the FFmpeg multimedia library is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.3CVSS6.5AI score0.00094EPSS

Exploits0References16Affected Software9

Positive Technologies•added 2023/06/21 12:0 a.m.•4 views

PT-2023-5278 · D Link · D-Link Dir-645

Name of the Vulnerable Software and Affected Versions: D-Link DIR-645 version 1.03 Description: The issue is related to an Authentication Bypass vulnerability that allows remote attackers to gain escalated privileges. This is due to insufficient access control in the phpcgi main function in cgibi...

9.8CVSS7.4AI score0.00356EPSS

Exploits0References10

Tenable Nessus•added 2023/06/20 12:0 a.m.•25 views

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:2534-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2534-1 advisory. The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security...

7.8CVSS6.9AI score0.00031EPSS

Exploits0References57