CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4460 matches found

NVD•added 2023/04/15 11:15 p.m.•19 views

CVE-2018-17455

An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals"...

7.5CVSS7.1AI score0.00621EPSS

Exploits0References2

OSV•added 2023/04/15 11:15 p.m.•26 views

CVE-2018-17455

7.5CVSS7.3AI score

Exploits0References2

Prion•added 2023/04/15 11:15 p.m.•20 views

Information disclosure

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference...

5CVSS7.3AI score0.00839EPSS

Exploits0References2Affected Software1

UbuntuCve•added 2023/04/15 11:15 p.m.•24 views

CVE-2018-17449

7.5CVSS7.1AI score0.00839EPSS

Exploits0References2

Prion•added 2023/04/15 11:15 p.m.•21 views

Design/Logic Flaw

5CVSS7.2AI score0.00621EPSS

Exploits0References2Affected Software1

UbuntuCve•added 2023/04/15 11:15 p.m.•19 views

CVE-2018-17455

7.5CVSS7.1AI score0.00621EPSS

Exploits0References2

Vulnrichment•added 2023/04/15 12:0 a.m.•8 views

CVE-2018-17449

6.5AI score0.00839EPSS

Exploits0References2

CNNVD•added 2023/04/15 12:0 a.m.•3 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in GitLab, which stems from an insecure direct...

7.5CVSS7.3AI score0.00839EPSS

Exploits0References3

OSV•added 2023/04/14 2:15 p.m.•2 views

CVE-2022-45175

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/ID-FILE/c/N/C/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a...

6.5CVSS5.8AI score0.00717EPSS

Exploits1References1

AlpineLinux•added 2023/04/14 2:15 p.m.•30 views

CVE-2022-45175

6.5CVSS6.7AI score0.00717EPSS

Exploits1References1

Prion•added 2023/04/14 2:15 p.m.•18 views

Design/Logic Flaw

4CVSS6.4AI score0.00717EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2023/04/14 12:0 a.m.•6 views

CVE-2022-45175

6.9AI score0.00717EPSS

Exploits1References1

CNNVD•added 2023/04/14 12:0 a.m.•3 views

LIVEBOX Collaboration vDesk 安全漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions, which stems from an insecure direct object reference may occur in 5.6.5-3/doc/ID-FILE/c/N/C/websocket...

6.5CVSS6.4AI score0.00717EPSS

Exploits1References2

Cvelist•added 2023/04/14 12:0 a.m.•27 views

CVE-2022-45175

6.7AI score0.00717EPSS

Exploits1References1

Positive Technologies•added 2023/04/14 12:0 a.m.•3 views

PT-2023-14630 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: An issue allows an Insecure Direct Object Reference to occur under the "5.6.5-3/doc/ID-FILE/c/N/C/websocket" endpoint. A malicious unauthenticated user can access cached files in...

6.5CVSS6.4AI score0.00717EPSS

Exploits1References3

CVE•added 2023/04/14 12:0 a.m.•140 views

CVE-2022-45175

The vulnerability CVE-2022-45175 affects LIVEBOX Collaboration vDesk through v018. The issue is an Insecure Direct Object Reference in the endpoint 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket, allowing an unauthenticated attacker to access cached files in the OnlyOffice backend of other users by gu...

6.5CVSS6.4AI score0.00717EPSS

Exploits1References1Affected Software1

Packet Storm•added 2023/04/10 12:0 a.m.•258 views

Schneider Electric 1.0 Insecure Direct Object Reference

Exploit Title: Schneider Electric v1.0 - Directory traversal & Broken Authentication Google Dork: inurl:/scada-vis Date: 3/11/2023 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: https://www.se.com/ Version: all-versions Tested on: Windows/Linux/Android Attacker can using these dorks and...

6.8AI score

Exploits0

Positive Technologies•added 2023/04/05 12:0 a.m.•4 views

PT-2023-16630 · Bhima · Bhima

Name of the Vulnerable Software and Affected Versions: Bhima version 1.27.0 Description: The issue allows an authenticated attacker with regular user permissions to update arbitrary user session data, including username, email, and password. This is due to the application being vulnerable to...

4.3CVSS4.5AI score0.00477EPSS

Exploits1References8

0day.today•added 2023/03/30 12:0 a.m.•521 views

LISTSERV 17 - Insecure Direct Object Reference (IDOR) Vulnerability

Exploit Title: LISTSERV 17 - Insecure Direct Object Reference IDOR Google Dork: inurl:/scripts/wa.exe Exploit Author: Shaunt Der-Grigorian Vendor Homepage: https://www.lsoft.com/ Software Link: https://www.lsoft.com/download/listserv.asp Version: 17 Tested on: Windows Server 2019 CVE :...

7.5CVSS7.6AI score0.07195EPSS

Exploits4

Exploit DB•added 2023/03/30 12:0 a.m.•159 views

LISTSERV 17 - Insecure Direct Object Reference (IDOR)

Exploit Title: LISTSERV 17 - Insecure Direct Object Reference IDOR Google Dork: inurl:/scripts/wa.exe Date: 12/02/2022 Exploit Author: Shaunt Der-Grigorian Vendor Homepage: https://www.lsoft.com/ Software Link: https://www.lsoft.com/download/listserv.asp Version: 17 Tested on: Windows Server 2019...

7.5CVSS7.6AI score0.07195EPSS

Exploits4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by