21 matches found

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-28587

Malicious code in bioql PyPI...

7.5 CVSS, 7.5 AI score, 0.00611 EPSS
Exploits 0, References 4

Tenable Nessus
added 2025/03/05 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-44387

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves...

6.5 CVSS, 6.5 AI score, 0.00072 EPSS
Exploits 0, References 3

OSV
added 2024/03/06 10:53 a.m., 12 views

BIT-GRADLE-2022-23630 Dependency verification bypass in Gradle

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled ...

7.5 CVSS, 7.4 AI score, 0.00611 EPSS
Exploits 0, References 4

OSV
added 2024/03/06 10:53 a.m., 19 views

BIT-GRADLE-2023-26053 Gradle usage of long IDs for PGP keys opens potential for collision attacks

Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs 64bits for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...

9.8 CVSS, 7.5 AI score, 0.00662 EPSS
Exploits 0, References 4

OSV
added 2024/03/06 10:53 a.m., 11 views

BIT-GRADLE-2023-35946 Dependency cache path traversal in Gradle

Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to writ...

6.9 CVSS, 6 AI score, 0.00114 EPSS
Exploits 0, References 6

OSV
added 2024/03/06 10:52 a.m., 23 views

BIT-GRADLE-2023-44387 Gradle has incorrect permission assignment for symlinked files used in copy or archiving operations

Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to...

6.5 CVSS, 5 AI score, 0.00072 EPSS
Exploits 0, References 6

Prion
added 2023/10/06 2:15 p.m., 14 views

Xxe

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack OOB-XXE, just parsing XML can lead to exfiltration of local tex...

2.6 CVSS, 5.3 AI score, 0.00365 EPSS
Exploits 0, References 4, Affected Software 1

CVE
added 2023/10/06 1:52 p.m., 164 views

CVE-2023-42445

CVE-2023-42445 affects Gradle: XML External Entity (XXE) resolution was not disabled in some parsing paths, enabling potential exfiltration of local text files via XML parsing with an OOB-XXE scenario. Documents confirm Gradle now disables XML external entities for all use cases in Gradle 7.6.3 a...

6.8 CVSS, 6 AI score, 0.00365 EPSS
Exploits 0, References 4, Affected Software 1

OSV
added 2023/10/06 1:52 p.m., 22 views

CVE-2023-42445 Possible local file exfiltration by XML External entity injection

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack OOB-XXE, just parsing XML can lead to exfiltration of local tex...

6.8 CVSS, 6.3 AI score, 0.00365 EPSS
Exploits 0, References 6

NVD
added 2023/06/30 9:15 p.m., 9 views

CVE-2023-35947

Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...

8.1 CVSS, 7.4 AI score, 0.00127 EPSS
Exploits 0, References 4

NVD
added 2023/06/30 9:15 p.m., 10 views

CVE-2023-35946

Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to writ...

6.9 CVSS, 6.6 AI score, 0.00114 EPSS
Exploits 0, References 5

AlpineLinux
added 2023/06/30 9:15 p.m., 18 views

CVE-2023-35947

Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...

8.1 CVSS, 6.7 AI score, 0.00127 EPSS
Exploits 0

CVE
added 2023/06/30 8:21 p.m., 66 views

CVE-2023-35946

CVE-2023-35946 is a path-traversal vulnerability in Gradle’s dependency caching. When Gradle writes a dependency into the cache, it uses the dependency coordinates to determine the file path; crafted coordinates can cause writes outside the cache or overwrite other files in the cache. This can en...

6.9 CVSS, 5.7 AI score, 0.00114 EPSS
Exploits 0, References 5, Affected Software 1

Cvelist
added 2023/06/30 8:18 p.m., 14 views

CVE-2023-35947 Path traversal vulnerabilities in handling of Tar archives in Gradle

Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...

6.9 CVSS, 8.2 AI score, 0.00127 EPSS
Exploits 0, References 4

CVE
added 2023/06/30 8:18 p.m., 62 views

CVE-2023-35947

CVE-2023-35947 affects Gradle, a build tool. The vulnerability arises when unpacking Tar archives: Gradle did not prevent path traversal, allowing potential writes outside the unpack directory and, in reads from a Tar entry, possible disclosure of sensitive files. This is commonly referred to as ...

8.1 CVSS, 7.3 AI score, 0.00127 EPSS
Exploits 0, References 4, Affected Software 1

Debian CVE
added 2023/03/02 3:11 a.m., 27 views

CVE-2023-26053

Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs 64bits for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...

9.8 CVSS, 7.8 AI score, 0.00662 EPSS
Exploits 0

OSV
added 2023/03/02 3:11 a.m., 19 views

CVE-2023-26053 Gradle usage of long IDs for PGP keys opens potential for collision attacks

Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs 64bits for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...

6.6 CVSS, 7.7 AI score, 0.00662 EPSS
Exploits 0, References 5

CVE
added 2023/03/02 3:11 a.m., 83 views

CVE-2023-26053

CVE-2023-26053 affects Gradle, where dependency verification can be bypassed via a collision attack using long IDs for PGP keys in trusted-key/pgp metadata. The vulnerability arises from accepting non-fingerprint IDs and is mitigated by making verification fail when anything but a full fingerprin...

9.8 CVSS, 7.7 AI score, 0.00662 EPSS
Exploits 0, References 3, Affected Software 1

UbuntuCve
added 2022/02/10 8:15 p.m., 13 views

CVE-2022-23630

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled ...

7.5 CVSS, 7 AI score, 0.00611 EPSS
Exploits 0, References 4

AlpineLinux
added 2022/02/10 8:15 p.m., 76 views

CVE-2022-23630

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled ...

7.5 CVSS, 1.6 AI score, 0.00611 EPSS
Exploits 0