7696 matches found

OpenVAS
added 2023/03/02 12:0 a.m. · 13 views

Ubuntu: Security Advisory (USN-5898-1)

The remote host is missing an update for the...

5.3 CVSS · 6.1 AI score · 0.00127 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/03/02 12:0 a.m. · 2 views

PT-2023-35663 · Git +1 · Libredwg

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read issue has been identified, potentially causing a crash. The crash state involves functions such as json cquote, dwg json LTYP...

7 AI score
Exploits 0 · References 2
RedHat Linux
added 2023/03/01 9:45 p.m. · 2 views

json5: Prototype Pollution in JSON5 via Parse Method

A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse...

8.8 CVSS · 6.9 AI score · 0.42304 EPSS
Exploits 1 · References 5
OSV
added 2023/03/01 9:30 p.m. · 24 views

GHSA-JH36-Q97C-9928 Kubernetes vulnerable to validation bypass

Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...

8.8 CVSS · 7.2 AI score · 0.00769 EPSS
Exploits 0 · References 5
Github Security Blog
added 2023/03/01 9:30 p.m. · 29 views

Kubernetes vulnerable to validation bypass

Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...

8.8 CVSS · 8.3 AI score · 0.00769 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2023/03/01 7:15 p.m. · 19 views

CVE-2022-3294

Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...

8.8 CVSS · 8.8 AI score
Exploits 0 · References 3
NVD
added 2023/03/01 7:15 p.m. · 15 views

CVE-2022-3294

Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...

8.8 CVSS · 7.3 AI score · 0.00769 EPSS
Exploits 0 · References 3
Prion
added 2023/03/01 7:15 p.m. · 14 views

Input validation

Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...

6.5 CVSS · 8.4 AI score · 0.00769 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/03/01 7:15 p.m. · 0 views

UBUNTU-CVE-2022-3294

Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...

8.8 CVSS · 7 AI score · 0.00769 EPSS
Exploits 0 · References 2
UbuntuCve
added 2023/03/01 7:15 p.m. · 24 views

CVE-2022-3294

Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...

8.8 CVSS · 6.9 AI score · 0.00769 EPSS
Exploits 0 · References 1
Debian CVE
added 2023/03/01 12:0 a.m. · 34 views

CVE-2022-3294

Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...

8.8 CVSS · 8.7 AI score · 0.00769 EPSS
Exploits 0
Veracode
added 2023/02/25 8:48 p.m. · 18 views

Prototype Pollution

Firefox is vulnerable to Prototype Pollution. The vulnerability exists because URL previews in the network panel of developer tools improperly store URLs; query parameters could potentially be used to overwrite global objects in privileged code...

8.8 CVSS · 4.9 AI score · 0.00277 EPSS
Exploits 0 · References 3 · Affected Software 3
Huntr
added 2023/02/25 9:11 a.m. · 26 views

UI REDRESSING

Description: The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Steps To Reproduce: 1. Create a New HTML file as shown in below i....

5.8 CVSS · 6.2 AI score · 0.51102 EPSS
Exploits 1 · References 2
OSV
added 2023/02/23 8:15 p.m. · 1 views

CVE-2023-26326

The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used t...

9.8 CVSS · 7.4 AI score · 0.47073 EPSS
Exploits 5 · References 1
Prion
added 2023/02/23 8:15 p.m. · 22 views

Deserialization of untrusted data

The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used t...

7.5 CVSS · 9.4 AI score · 0.47073 EPSS
Exploits 5 · References 1 · Affected Software 1
Cvelist
added 2023/02/23 12:0 a.m. · 22 views

CVE-2023-26326

The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used t...

9.8 AI score · 0.47073 EPSS
Exploits 5 · References 1
CNNVD
added 2023/02/23 12:0 a.m. · 10 views

WordPress Plugin BuddyForms Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

9.8 CVSS · 8.6 AI score · 0.47073 EPSS
Exploits 5 · References 2
F5 Networks
added 2023/02/21 6:54 p.m. · 28 views

K65720640: BIG-IP SSL state mirroring vulnerability CVE-2020-5886

Security Advisory Description: BIG-IP systems set up for connection mirroring in a High Availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring...

9.1 CVSS · 8.8 AI score · 0.00244 EPSS
Exploits 0 · Affected Software 11
F5 Networks
added 2023/02/21 6:53 p.m. · 44 views

K34120074: PostgreSQL vulnerability CVE-2020-1720

Security Advisory Description: A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to drop objects such as functions, triggers, et al., leading to...

6.5 CVSS · 6.7 AI score · 0.00351 EPSS
Exploits 0 · Affected Software 1
F5 Networks
added 2023/02/21 6:34 p.m. · 50 views

K04553557: Linux nfsd kernel vulnerability CVE-2020-24394

Security Advisory Description: In the Linux kernel before 5.7.8, fs/nfsd/vfs.c in the NFS server can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. CVE-2020-24394. Impact: The...

7.1 CVSS · 6.5 AI score · 0.00049 EPSS
Exploits 0 · Affected Software 1