CVE-2023-41897
CVE-2023-41897 affects Home Assistant Core. The issue is the absence of HTTP security headers, notably the X-Frame-Options header, which enables clickjacking and creates potential paths for other exploit opportunities within the Home Assistant web interface. Documents consistently describe the ri...
CVE-2023-41897 Lack of XFO header allows clickjacking in Home Assistant Core
Home Assistant is an open source home automation platform. The Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks...
CVE-2023-44385 Client-Side Request Forgery in Home Assistant iOS/macOS native Apps
The Home Assistant Companion apps for iOS and macOS up to version 2023.4 are vulnerable to Client-Side Request Forgery. Attackers may send malicious links/QRs to victims that, when visited, will make the victim call arbitrary services in their Home Assistant installation. Combined with this...
Metasploit Weekly Wrap-Up
That Privilege Escalation Escalated Quickly This release features a module leveraging CVE-2023-22515, a vulnerability in Atlassian’s on-premises Confluence Server first listed as a privilege escalation, but quickly recategorized as a “broken access control” with a CVSS score of 10. The exploit...
CVE-2023-35186
The SolarWinds Access Rights Manager was susceptible to a Remote Code Execution vulnerability. This vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution...
Remote code execution
The SolarWinds Access Rights Manager was susceptible to a Remote Code Execution vulnerability. This vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution...
CVE-2023-35180 SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability
The SolarWinds Access Rights Manager was susceptible to a Remote Code Execution vulnerability. This vulnerability allows authenticated users to abuse the SolarWinds ARM API...
CVE-2023-35182
CVE-2023-35182 affects SolarWinds Access Rights Manager. The flaw is a deserialization of untrusted data in createGlobalServerChannelInternal, enabling unauthenticated remote code execution with SYSTEM privileges on affected ARM installations. NVD notes a CRITICAL/HIGH impact (CVSSv3.1 base score...
CVE-2023-35184 SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability
The SolarWinds Access Rights Manager was susceptible to a Remote Code Execution vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service, resulting in remote code execution...
CVE-2023-35186 SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability
The SolarWinds Access Rights Manager was susceptible to a Remote Code Execution vulnerability. This vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution...
CVE-2023-35186
SolarWinds Access Rights Manager is affected by a deserialization-based remote code execution vulnerability. The flaw exists in GetParameterFormTemplateWithSelectionState and allows an authenticated attacker to execute arbitrary code in the service context by supplying crafted data. Several trust...
GNU Mailutils: unexpected processing of escape sequences
Background GNU Mailutils is a collection of mail-related utilities, including an IMAP4 server imap4d and a Mail User Agent mail. Description A vulnerability has been discovered in GNU Mailutils. Please review the CVE identifier referenced below for details. Impact mail1 from mailutils would proce...
WordPress 4.2.x < 4.2.36 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A potential disclosure of user email addresses. - An RCE POP Chains vulnerability. - A Cross-Site Scripting (XSS) vulnerability in the post link navigation block. - An issue...
WordPress 4.7.x < 4.7.27 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A potential disclosure of user email addresses. - An RCE POP Chains vulnerability. - A Cross-Site Scripting (XSS) vulnerability in the post link navigation block. - An issue...
WordPress 4.1.x < 4.1.39 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A potential disclosure of user email addresses. - An RCE POP Chains vulnerability. - A Cross-Site Scripting (XSS) vulnerability in the post link navigation block. - An issue...
WordPress 5.2.x < 5.2.19 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A potential disclosure of user email addresses. - An RCE POP Chains vulnerability. - A Cross-Site Scripting (XSS) vulnerability in the post link navigation block. - An issue...
WordPress 4.4.x < 4.4.31 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A potential disclosure of user email addresses. - An RCE POP Chains vulnerability. - A Cross-Site Scripting (XSS) vulnerability in the post link navigation block. - An issue...
WordPress 5.4.x < 5.4.14 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A potential disclosure of user email addresses. - An RCE POP Chains vulnerability. - A Cross-Site Scripting (XSS) vulnerability in the post link navigation block. - An issue...
WordPress 5.8.x < 5.8.8 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A potential disclosure of user email addresses. - An RCE POP Chains vulnerability. - A Cross-Site Scripting (XSS) vulnerability in the post link navigation block. - An issue...