CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3370 matches found

ICS•added 2021/04/13 12:0 a.m.•37 views

Siemens and PKE Control Center Server

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendors: Siemens/PKE Equipment: Control Center Server CCS Vulnerabilities: Cleartext Storage of Sensitive Information in GUI, Improper Authentication, Relative Path Traversal, Use of a Broken or Risky...

9.9CVSS9.8AI score0.02647EPSS

Exploits0References8

Kitploit•added 2021/04/08 12:30 p.m.•52 views

NtHiM - Super Fast Sub-domain Takeover Detection

NtHiM - Super Fast Sub-domain Takeover Detection Installation Method 1: Using Pre-compiled Binaries The pre-compiled binaries for different systems are available in the Releases page. You can download the one suitable for your system, unzip the file and start using NtHiM. Method 2: Using Crates.i...

7.3AI score

Exploits0References5

CVE•added 2021/04/07 6:20 p.m.•164 views

CVE-2021-21425

GravCMS (Grav Admin Plugin)

9.8CVSS9.4AI score0.80467EPSS

Exploits11References4Affected Software1

Citrix•added 2021/04/07 12:0 a.m.•6 views

How to Automatically Move Applications to Start Menu Using Receiver for Windows 4.0 and 4.1

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. This article describes how to automatically move applications to the Start menu using Receiver for...

6.9AI score

Exploits0

OPENSUSE Linux•added 2021/04/07 12:0 a.m.•50 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2021:0515-1 Rating: important References: 1184256 Cross-References: CVE-2021-21194 CVE-2021-21195 CVE-2021-21196 CVE-2021-21197 CVE-2021-21198 CVE-2021-21199 Affected Products: openSUSE Backports SLE-15-SP2 An...

8.8CVSS9.4AI score0.01793EPSS

Exploits0References1

OPENSUSE Linux•added 2021/04/04 12:0 a.m.•12 views

Security update for OpenIPMI (moderate)

openSUSE Security Update: Security update for OpenIPMI Announcement ID: openSUSE-SU-2021:0512-1 Rating: moderate References: 1183178 Affected Products: openSUSE Leap 15.2 An update that contains security fixes can now be installed. Description: This update for OpenIPMI fixes the following issues:...

7.3AI score

Exploits0

Securelist•added 2021/04/02 10:0 a.m.•251 views

Browser lockers: extortion disguised as a fine

Browser lockers aka browlocks are a class of online threats that prevent the victim from using the browser and demand a ransom. A locker is a fake page that dupes the user, under a fictitious pretext loss of data, legal liability, etc., into making a call or a money transfer, or giving out paymen...

0.4AI score

Exploits0

Microsoft Secure•added 2021/04/01 6:0 p.m.•40 views

Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting

As seen in recent sophisticated cyberattacks, especially human-operated campaigns, it’s critical to not only detect an attack as early as possible but also to rapidly determine the scope of the compromise and predict how it will progress. How an attack proceeds depends on the attacker’s goals and...

1.2AI score

Exploits0

Microsoft Malware Protection•added 2021/04/01 6:0 p.m.•18 views

Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting

1.2AI score

Exploits0

NVD•added 2021/03/05 7:15 p.m.•13 views

CVE-2021-26705

An issue was discovered in SquareBox CatDV Server through 9.2. An attacker can invoke sensitive RMI methods such as getConnections without authentication, the results of which can be used to generate valid authentication tokens. These tokens can then be used to invoke administrative tasks within...

9.1CVSS0.02065EPSS

Exploits1References1

CVE•added 2021/03/05 6:54 p.m.•63 views

CVE-2021-26705

CVE-2021-26705 affects SquareBox CatDV Server up to 9.2. An attacker can invoke sensitive RMI methods (e.g., getConnections) without authentication, allowing generation of valid authentication tokens. These tokens can be used to perform administrative tasks within the application, including discl...

9.1CVSS9.2AI score0.02065EPSS

Exploits1References1Affected Software1

OPENSUSE Linux•added 2021/03/03 12:0 a.m.•30 views

Security update for webkit2gtk3 (important)

openSUSE Security Update: Security update for webkit2gtk3 Announcement ID: openSUSE-SU-2021:0376-1 Rating: important References: 1182286 Cross-References: CVE-2020-13558 CVSS scores: CVE-2020-13558 SUSE: 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.2 An...

8.8CVSS8.8AI score0.01792EPSS

Exploits1References1

OPENSUSE Linux•added 2021/03/01 12:0 a.m.•60 views

Security update for qemu (important)

openSUSE Security Update: Security update for qemu Announcement ID: openSUSE-SU-2021:0363-1 Rating: important References: 1178049 1178565 1179717 1179719 1180523 1181639 1181933 1182137 Cross-References: CVE-2020-11947 CVE-2021-20181 CVE-2021-20203 CVE-2021-20221 CVSS scores: CVE-2020-11947 NVD :...

7.5CVSS7.2AI score0.00587EPSS

Exploits1References8

OpenVAS•added 2021/02/25 12:0 a.m.•9 views

Fedora: Security Advisory for php-horde-Horde-Text-Filter (FEDORA-2021-f8368da9af)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score

Exploits0References2

Check Point Advisories•added 2021/02/23 12:0 a.m.•0 views

Cobalt Strike Web Delivery Remote Code Execution

Certain evasion tools obfuscate scripts in order to circumvent inspection by security software. An attacker could use such evasion methods in order to execute arbitrary code on the target, using it to download and execute a malicious payload...

3.5AI score

Exploits0

Prion•added 2021/02/19 11:15 p.m.•23 views

Arbitrary file deletion

Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...

6.8CVSS6.5AI score0.01814EPSS

Exploits1References5Affected Software1

CVE•added 2021/02/19 10:33 p.m.•112 views

CVE-2020-12668

This entry concerns Jinjava prior to version 2.5.4 where callers can trigger access to arbitrary Java classes by invoking methods on objects supplied in the Jinjava context. The underlying issue is misuse of the application class loader, enabling scenarios like Arbitrary File Disclosure. Public r...

6.8CVSS6.5AI score0.01814EPSS

Exploits1References5Affected Software1

OPENSUSE Linux•added 2021/02/18 12:0 a.m.•48 views

Security update for php7 (important)

openSUSE Security Update: Security update for php7 Announcement ID: openSUSE-SU-2021:0305-1 Rating: important References: 1182049 Cross-References: CVE-2021-21702 CVSS scores: CVE-2021-21702 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.2 An update tha...

7.5CVSS7.6AI score0.03093EPSS

Exploits0References1

OPENSUSE Linux•added 2021/02/02 12:0 a.m.•14 views

Security update for segv_handler (moderate)

openSUSE Security Update: Security update for segvhandler Announcement ID: openSUSE-SU-2021:0231-1 Rating: moderate References: 1180665 Affected Products: openSUSE Backports SLE-15-SP2 An update that contains security fixes can now be installed. Description: This update for segvhandler fixes the...

7.3AI score

Exploits0