25 matches found
CVE-2023-40829
There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and 2.6.930000...
EUVD-2019-3442
Malware in sbrugna...
EUVD-2019-3443
Malware in sbrugna...
EUVD-2023-45369
Malicious code in bioql PyPI...
EUVD-2023-52298
Malicious code in bioql PyPI...
CVE-2019-11774
Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the...
Sensitive Information Disclosure
laf-client-sdk is vulnerable to Sensitive Information Disclosure. The vulnerability is caused by directly inserting env variables into the template while constructing the deployment instance of the app. Sensitive information in the secret and configmap can be read through the k8s envFrom...
CVE-2023-48225
Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app env is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another...
Code injection
Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app env is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another...
CVE-2023-48225 Laf env causes sensitive information disclosure
Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app env is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another...
CVE-2023-48225
CVE-2023-48225 affects Laf prior to v1.0.0-beta.13, where lax control of app environment variables enables leakage of sensitive data from secrets/configmaps via k8s envFrom. Root cause described: ES6 object references cause the entire referenced object to be embedded into the deployment template ...
Tencent WeChat Security Breach
Tencent WeChat 微信 is an online social networking application from the Chinese company Tencent. The program supports sending voice messages, videos, pictures, and texts. A security vulnerability exists in Tencent Wechat Privatization version 2.5.x and version 2.6.930000, which stems from the...
CVE-2023-40829
CVE-2023-40829 affects Tencent Enterprise Wechat Privatization versions 2.5.x–2.6.930000, describing an interface unauthorized access vulnerability in the background. CVSS v3.1 base score 7.5 (Network, L/PR:None/UI:None/S:Unchanged; Conf. High, Itg. None, Avail. None). No remediation details are ...