CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

340 matches found

AlpineLinux•added 2025/07/04 12:0 a.m.•2 views

CVE-2025-49809

mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTRPACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries...

7.8CVSS7.2AI score0.00054EPSS

Exploits0

CNNVD•added 2024/11/12 12:0 a.m.•0 views

Fortinet FortiClient 安全漏洞

Fortinet FortiClient is a mobile endpoint security solution from Fortinet, Inc. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exists in Fortinet...

8.8CVSS6.6AI score0.00168EPSS

Exploits0References2

NVD•added 2024/09/20 5:15 p.m.•16 views

CVE-2024-45489

Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however because of misconfigured Firebase ACLs, it is possible to create or update a boost using another user's ID. This installs the boost in the victim's browser and...

9.8CVSS0.0788EPSS

Exploits0References3

Vulnrichment•added 2024/09/20 12:0 a.m.•9 views

CVE-2024-45489

9.7AI score0.0788EPSS

Exploits0References3

Cvelist•added 2024/09/20 12:0 a.m.•12 views

CVE-2024-45489

0.0788EPSS

Exploits0References3

OSV•added 2024/04/12 11:7 a.m.•1 views

OESA-2024-1369 firefox security update

Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have...

8.8CVSS8.4AI score0.67932EPSS

Exploits0References2

Huntr•added 2023/08/14 11:2 a.m.•16 views

Stored XSS via user's Username

Description The application allows creating users with Username containing Malicious HTML/Javascript that can be executed in the users’ privileged context during the user editing process or visiting a phishing link. Proof of Concept Step 1: A privileged user creates a normal user account with...

6.3AI score

Exploits0References1

Xen Project•added 2023/08/08 5:0 p.m.•43 views

x86/Intel: Gather Data Sampling

ISSUE DESCRIPTION A researcher has discovered Gather Data Sampling, a transient execution side-channel whereby the AVX GATHER instructions can forward the content of stale vector registers to dependent instructions. The physical register file is a structure competitively shared between sibling...

6.5CVSS6.8AI score0.00733EPSS

Exploits1

Xen Project•added 2023/07/24 4:3 p.m.•38 views

x86/AMD: Zenbleed

ISSUE DESCRIPTION Researchers at Google have discovered Zenbleed, a hardware bug causing corruption of the vector registers. When a VZEROUPPER instruction is discarded as part of a bad transient execution path, its effect on internal tracking are not unwound correctly. This manifests as the wrong...

5.5CVSS6.7AI score0.0844EPSS

Exploits1

SUSE CVE•added 2023/02/15 5:45 a.m.•0 views

SUSE CVE-2012-4203

The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark...

6.8CVSS8.9AI score0.02424EPSS

Exploits1References4

SUSE CVE•added 2023/02/15 5:30 a.m.•2 views

SUSE CVE-2014-1529

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page f...

8.8CVSS8.8AI score0.01321EPSS

Exploits1References10

SUSE CVE•added 2023/02/15 4:57 a.m.•0 views

SUSE CVE-2016-7644

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service...

9.3CVSS6.9AI score0.0359EPSS

Exploits5References3

NVD•added 2022/12/22 8:15 p.m.•16 views

CVE-2022-1802

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android 100.3.0,...

8.8CVSS0.67932EPSS

Exploits0References2

OSV•added 2022/12/22 8:15 p.m.•1 views

DEBIAN-CVE-2022-1802

8.8CVSS8.5AI score0.67932EPSS

Exploits0References1

Debian CVE•added 2022/12/22 12:0 a.m.•48 views

CVE-2022-1802

8.8CVSS8.8AI score0.67932EPSS

Exploits0

AlpineLinux•added 2022/12/22 12:0 a.m.•48 views

CVE-2022-1802

8.8CVSS8.2AI score0.67932EPSS

Exploits0

Tenable Nessus•added 2022/12/15 12:0 a.m.•20 views

Zoom Client for Meetings < 5.3.0 Vulnerability (ZSB-21003)

The version of Zoom Client for Meetings installed on the remote host is prior to 5.3.0. It is, therefore, affected by a vulnerability as referenced in the ZSB-21003 advisory. - The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate...

10CVSS9.1AI score0.03254EPSS

Exploits0References2

CNVD•added 2022/10/25 12:0 a.m.•21 views

Dell PowerScale OneFS has an unspecified vulnerability (CNVD-2023-12629)

Dell PowerScale OneFS is an operating system from Dell USA Inc. Dell PowerScale OneFS has a security vulnerability that stems from the inclusion of a privileged context switch error, which could be exploited by an attacker to compromise the entire system...

6.7CVSS4.6AI score0.00039EPSS

Exploits0References1

CNNVD•added 2022/10/21 12:0 a.m.•1 views

Dell PowerScale OneFS 安全漏洞

6.7CVSS6.5AI score0.00039EPSS

Exploits0References2