CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

An improper access control was identified in the Identity Security Cloud ISC message server API that allowed an authenticated user to exfiltrate job processing metadata opaque messageIDs, work queue depth and counts for other tenants...

6.5CVSS6.7AI score0.0006EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:33 a.m.•3 views

CVE-2023-37491

The ACL Access Control List of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the...

8.8CVSS6.6AI score0.00047EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:33 p.m.•2 views

CVE-2022-26235

A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Server. On installation, the permissions set by Remisol Advance allow non-privileged users to overwrite and/or manipulate executables and libraries that run as the elevated SYSTEM user on Windows...

7.8CVSS6.9AI score0.00034EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:10 a.m.•2 views

CVE-2012-6275

Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have an unspecified impact via 1 the filename header in an SCH request or 2 the userid component in a DUPF request...

10CVSS7.2AI score0.76513EPSS

Exploits8References1

CVE•added 2024/05/15 3:55 p.m.•46 views

CVE-2024-3317

CVE-2024-3317 involves SailPoint Identity Security Cloud (ISC) message server API showing improper access control. An authenticated user can exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants. This is described across multiple sources (NVD, Red H...

6.5CVSS6.6AI score0.0006EPSS

Exploits0References1

Positive Technologies•added 2024/05/15 12:0 a.m.•1 views

PT-2024-25140 · Unknown · Identity Security Cloud

Name of the Vulnerable Software and Affected Versions: Identity Security Cloud ISC affected versions not specified Description: An issue was found in the Identity Security Cloud ISC message server API, related to improper access control. This allowed an authenticated user to access job processing...

6.5CVSS6.7AI score0.0006EPSS

Exploits0References3

Positive Technologies•added 2023/11/21 12:0 a.m.•1 views

PT-2023-32575 · Unknown · Syrus4 Iot Gateway

Name of the Vulnerable Software and Affected Versions: Syrus4 IoT Gateway affected versions not specified Description: The Syrus4 IoT gateway has an unsecured MQTT server, allowing a remote unauthenticated attacker to execute arbitrary commands on connected devices. This exposes location, video,...

10CVSS9.7AI score0.01676EPSS

Exploits0References10

CNVD•added 2023/08/11 12:0 a.m.•17 views

Online Security Guards Hiring System Cross-Site Scripting Vulnerability (CNVD-2023-64633)

Online Security Guards Hiring System is an online security guard hiring system. A security vulnerability exists in Online Security Guards Hiring System version v.1.0. The vulnerability can be exploited by an attacker to perform cross-site scripting attacks...

5.9AI score

Exploits3References1

CNVD•added 2023/08/10 12:0 a.m.•13 views

Hospital Management System SQL Injection Vulnerability (CNVD-2023-64634)

A Hospital Management System HMS is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs effectively. Hospital Management System version 1.0 suffers from a SQL injection vulnerability that stems from the fact that incorrect manipulati...

9.8CVSS9.9AI score0.00067EPSS

Exploits1References1