Lucene search

28980 matches found

CVE
added 2024/06/20 9:31 p.m., 61 views

CVE-2024-5746

CVE-2024-5746 describes a Server-Side Request Forgery in GitHub Enterprise Server that allowed an authenticated Site Administrator to achieve arbitrary code execution on the instance. Affected versions were all before 3.13, with fixes in 3.12.5, 3.11.11, 3.10.13, and 3.9.16. Public references fro...

7.6 CVSS | 7.8 AI score | 0.00156 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2024/06/20 9:31 p.m., 22 views

CVE-2024-5746

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise...

7.6 CVSS | 0.00156 EPSS
Exploits: 0 | References: 4

Openbugbounty
added 2024/06/20 2:26 p.m., 7 views

chiarina.com Cross Site Scripting vulnerability OBB-3937010

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

Wordfence Blog
added 2024/06/20 1:40 p.m., 55 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 10, 2024 to June 16, 2024)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest...

10 CVSS | 9.3 AI score | 0.90017 EPSS
Exploits: 14

Openbugbounty
added 2024/06/20 10:59 a.m., 6 views

ex-kavator.ru Cross Site Scripting vulnerability OBB-3936907

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

Veracode
added 2024/06/20 8:48 a.m., 8 views

Prototype Pollution

@tsed/core is vulnerable to Prototype Pollution. The vulnerability is due to the deepExtend function which lacks proper validation, allowing an attacker to overwrite and pollute the object prototype of a program when user input is provided...

8.1 CVSS | 6.6 AI score | 0.00555 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Openbugbounty
added 2024/06/19 4:43 p.m., 3 views

archetype.co.uk Cross Site Scripting vulnerability OBB-3936694

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

OSV
added 2024/06/19 2:15 p.m., 1 views

DEBIAN-CVE-2024-38564

In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE bpf_prog_attach uses attach_type_to_prog_type to enforce proper attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses bpf_prog_get and relies on...

5.5 CVSS | 5.5 AI score | 0.00009 EPSS
Exploits: 0 | References: 1

OSV
added 2024/06/19 2:15 p.m., 3 views

AZL-68606 CVE-2024-38564 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE bpf_prog_attach uses attach_type_to_prog_type to enforce proper attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses bpf_prog_get and relies on...

5.5 CVSS | 6.2 AI score | 0.00009 EPSS
Exploits: 0 | References: 1

OSV
added 2024/06/19 2:15 p.m., 1 views

UBUNTU-CVE-2024-38564

In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE bpf_prog_attach uses attach_type_to_prog_type to enforce proper attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses bpf_prog_get and relies on...

5.5 CVSS | 6.5 AI score | 0.00009 EPSS
Exploits: 0 | References: 12

Debian CVE
added 2024/06/19 1:35 p.m., 15 views

CVE-2024-38574

In the Linux kernel, the following vulnerability has been resolved: libbpf: Prevent null-pointer dereference when prog to load has no BTF In bpf_objec_load_prog, there's no guarantee that obj->btf is non-NULL when passing it to btf__fd, and this function does not perform any check before dereferencing...

5.5 CVSS | 5.7 AI score | 0.00026 EPSS
Exploits: 0

NVD
added 2024/06/18 6:15 a.m., 22 views

CVE-2024-0066

Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that an O3C feature may expose sensitive traffic between the client Axis device and O3C server. If O3C is not being used this flaw does not apply. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer...

5.3 CVSS | 0.00073 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2024/06/18 6:10 a.m., 12 views

CVE-2024-0066

Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that an O3C feature may expose sensitive traffic between the client Axis device and O3C server. If O3C is not being used this flaw does not apply. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer...

5.3 CVSS | 6.8 AI score | 0.00073 EPSS
Exploits: 0 | References: 1

CVE
added 2024/06/18 6:10 a.m., 54 views

CVE-2024-0066

CVE-2024-0066 concerns AXIS OS where the O3C feature may expose sensitive traffic between an Axis client device and the O3C server. Concrete details found in connected sources indicate AXIS OS versions affected include 5.51 through 11.9 (CNNVD). The flaw only applies when O3C is in use; if O3C is...

5.3 CVSS | 5.3 AI score | 0.00073 EPSS
Exploits: 0 | References: 1

Spring Engineering
added 2024/06/18 12:0 a.m., 9 views

Spring Tips: Introducing Spring Modulith

Hi, Spring fans! In this installment we look at the amazing Spring Modulith project. Its goal is to help you better structure your codebase for architectural scalability. It's an amazing and refreshing approach to building applications. Think of it like a chance to pair program on the architectu...

7.2 AI score
Exploits: 0

Malwarebytes
added 2024/06/17 1:55 p.m., 15 views

Microsoft Recall delayed after privacy and security concerns

Microsoft has announced it will postpone the broadly available preview of the heavily discussed Recall feature for Copilot+ PCs. Copilot+ PCs are personal computers that come equipped with several artificial intelligence (AI) features. The Recall feature tracks anything from web browsing to voice...

6.7 AI score
Exploits: 0

Openbugbounty
added 2024/06/16 6:4 p.m., 14 views

zekkeiphoto.blog.fc2.com Cross Site Scripting vulnerability OBB-3935778

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

Openbugbounty
added 2024/06/16 5:51 p.m., 10 views

kbis-express.fr Cross Site Scripting vulnerability OBB-3935747

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

Openbugbounty
added 2024/06/16 5:48 p.m., 8 views

publimath.univ-irem.fr Cross Site Scripting vulnerability OBB-3935739

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

Openbugbounty
added 2024/06/16 6:7 a.m., 11 views

urp.edu.pe Cross Site Scripting vulnerability OBB-3935477

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0