4991 matches found

The Hacker News
added 2023/12/22 12:46 p.m. | 65 views

Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware

A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language. "Malware written in uncommon programming languages puts the security community at a disadvantage as researchers and reverse engineers' unfamiliarity can hamp...

8.8 CVSS | 8.9 AI score | 0.90206 EPSS
Exploits: 2

Positive Technologies
added 2023/12/22 12:0 a.m. | 7 views

PT-2023-9808

Name of the Vulnerable Software and Affected Versions Proxmox Virtual Environment versions 8.2.2 and earlier Description The issue is related to insufficient safeguards against malicious API response values in Proxmox Virtual Environment, allowing authenticated attackers with 'Sys.Audit' or...

8.2 CVSS | 5.5 AI score | 0.00134 EPSS
Exploits: 1 | References: 20

CNNVD
added 2023/12/22 12:0 a.m. | 2 views

Nextcloud Access Control Error Vulnerability

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. An Access Control Error vulnerability exists in Nextcloud Server, which stems from the ability to delete and modify workflows by bypassing calls sent direct...

5.4 CVSS | 6.8 AI score | 0.00199 EPSS
Exploits: 0 | References: 4

OSV
added 2023/12/21 10:15 p.m. | 1 views

CVE-2023-27319

ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API...

5.3 CVSS | 5.8 AI score
Exploits: 0 | References: 1

OSV
added 2023/12/20 11:24 p.m. | 14 views

CVE-2023-46131 Grails® data binding causes JVM crash and/or DoS

Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3,...

6.5 CVSS | 7.3 AI score | 0.00544 EPSS
Exploits: 0 | References: 7

The Hacker News
added 2023/12/20 8:10 a.m. | 48 views

New Go-Based JaskaGO Malware Targeting Windows and macOS Systems

A new Go-based information stealer malware called JaskaGO has emerged as the latest cross-platform threat to infiltrate both Windows and Apple macOS systems. AT&T Alien Labs, which made the discovery, said the malware is "equipped with an extensive array of commands from its command-and-control C...

6.9 AI score
Exploits: 0

CNNVD
added 2023/12/19 12:0 a.m. | 2 views

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 121, which stems from a lack of exception handling in TypedArray, leading to abuse of other APIs...

8.8 CVSS | 6.5 AI score | 0.01124 EPSS
Exploits: 0 | References: 9

OSV
added 2023/12/18 12:0 p.m. | 17 views

RUSTSEC-2023-0080 Buffer overflow due to integer overflow in `transpose`

Given the function `transpose::transpose`: `fn transpose(input: &[T], output: &mut [T], input_width: usize, input_height: usize)`. The safety check `input_width * input_height == output.len()` can fail due to `input_width * input_height` overflowing in such a way that it equals `output.len()`. As a result of failing the...

5.3 CVSS | 7.5 AI score | 0.00247 EPSS
Exploits: 0 | References: 3

OpenVAS
added 2023/12/18 12:0 a.m. | 20 views

Fedora: Security Advisory for perl (FEDORA-2023-9ef8a60a05)

The remote host is missing an update for the...

7.8 CVSS | 8 AI score | 0.00111 EPSS
Exploits: 0 | References: 2

Fedora
added 2023/12/17 1:43 a.m. | 38 views

[SECURITY] Fedora 38 Update: perl-5.36.3-498.fc38

Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

7.8 CVSS | 7.3 AI score | 0.00111 EPSS
Exploits: 0

OpenVAS
added 2023/12/16 12:0 a.m. | 6 views

Fedora: Security Advisory for golang (FEDORA-2023-ace2655259)

The remote host is missing an update for the...

7.5 AI score
Exploits: 0 | References: 2

OpenVAS
added 2023/12/16 12:0 a.m. | 6 views

Fedora: Security Advisory (FEDORA-2023-e57f5a2301)

The remote host is missing an update for the...

7.5 AI score
Exploits: 0 | References: 2

NVD
added 2023/12/15 7:15 p.m. | 14 views

CVE-2023-50723

XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the...

9.9 CVSS | 0.05391 EPSS
Exploits: 0 | References: 8

Prion
added 2023/12/15 7:15 p.m. | 14 views

Remote code execution

XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter...

6.8 CVSS | 7.2 AI score | 0.03256 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2023/12/15 7:2 p.m. | 52 views

CVE-2023-50723

CVE-2023-50723 affects XWiki Platform, a generic wiki platform. The vulnerability arises from missing escaping in the code that displays sections in the administration interface, allowing a user who can edit any wiki page to gain programming rights. Affected versions are 2.3 up to before fixes: 1...

9.9 CVSS | 9.4 AI score | 0.05391 EPSS
Exploits: 0 | References: 8 | Affected Software: 1

OSV
added 2023/12/15 7:2 p.m. | 14 views

CVE-2023-50723 XWiki Platform remote code execution/programming rights with configuration section from any user account

XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the...

9.9 CVSS | 8.5 AI score | 0.05391 EPSS
Exploits: 0 | References: 10

Vulnrichment
added 2023/12/15 7:2 p.m. | 7 views

CVE-2023-50723 XWiki Platform remote code execution/programming rights with configuration section from any user account

XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the...

9.9 CVSS | 9.6 AI score | 0.05391 EPSS
Exploits: 0 | References: 8

Cvelist
added 2023/12/15 7:2 p.m. | 12 views

CVE-2023-50723 XWiki Platform remote code execution/programming rights with configuration section from any user account

XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the...

9.9 CVSS | 9.8 AI score | 0.05391 EPSS
Exploits: 0 | References: 8

Fedora
added 2023/12/15 2:19 a.m. | 5 views

[SECURITY] Fedora 38 Update: golang-1.20.12-1.fc38

The Go Programming Language...

7.3 AI score
Exploits: 0

Fedora
added 2023/12/15 1:33 a.m. | 9 views

[SECURITY] Fedora 39 Update: golang-1.21.5-1.fc39

The Go Programming Language...

7.3 AI score
Exploits: 0