2242 matches found
Phish-Proof Multi-Factor Authentication with Akamai MFA
Today, Akamai announced Akamai MFA, a phish-proof multi-factor authentication (MFA) service for the workforce that delivers all of the security benefits of FIDO2 with the frictionless end-user experience of a mobile push on a smartphone. Why has Akamai introduced this new service?...
EulerOS Virtualization 2.9.1 : httpd (EulerOS-SA-2021-1602)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge...
Rust Resource Management Error Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in stackdst crate before 0.6.1 for Rust, which stems from the pushinner behavior, with double free at val.clone. No detailed vulnerability details are provided at...
DEBIAN-CVE-2021-21273
Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...
PYSEC-2021-131
Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...
UBUNTU-CVE-2021-21273
Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...
Open redirects on some federation and push requests
Impact: Requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the...
GHSA-V936-J8GP-9Q3P Open redirects on some federation and push requests
Impact: Requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the...
CVE-2021-21273 Open redirects on some federation and push requests
Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...
Matrix Synapse Input Validation Error Vulnerability
Matrix Synapse is an implementation of a Matrix homeserver from the Matrix Foundation in the UK. A security vulnerability exists in Synapse that stems from requests to user-provided domains not being restricted to external IP addresses when calculating key validity for third-party...
CrackerJack - Web GUI for Hashcat
Web Interface for Hashcat by Context Information Security Demo / StartCracking in Under 5 Minutes Introduction CrackerJack is a Web GUI for Hashcat developed in Python. Architecture This project aims to keep the GUI and Hashcat independent. In a nutshell, here's how it works: User uploads hashes,...
MediaWiki Cross-Site Request Forgery Vulnerability (CNVD-2021-09325)
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A cross-site request forgery vulnerability exists in MediaWiki 1.35 and earlier versions, which stems from...
MediaWiki Information Disclosure Vulnerability (CNVD-2021-09324)
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. An information disclosure vulnerability exists in the Push extension for MediaWiki 1.35 and prior versions...
A vulnerability in the Push API of the Mozilla Firefox browser allows an attacker to gain unauthorized access to protected information or cause a service failure.
The vulnerability in the Push API of the Mozilla Firefox browser is related to a lack of mechanisms for verifying input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information or cause service failures...
Google uncovers new iOS security feature Apple quietly added after zero-day attacks
Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed "BlastDoor," the improved sandbox system for iMessage data was...
CVE-2020-29005
The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure...
CVE-2020-29004
The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack...