104 matches found
Denial Of Service (DoS)
Unpoly-rails is vulnerable to Denial Of Service. The vulnerability exists due to the use of the request URL as an X-Up-Location response header in requestechoheaders.rb which allows an attacker to cause an application crash through a malicious input...
Cross site request forgery (csrf)
ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google...
ReadtoMyShoe Security Vulnerability
ReadtoMyShoe is a web application used for speech-to-text conversion. A security vulnerability exists in ReadtoMyShoe that stems from a request URL containing a Google Cloud API key...
PT-2022-17591 · Unknown · Lite-Dev-Server
Name of the Vulnerable Software and Affected Versions: lite-dev-server versions all. Description: The issue arises due to missing input sanitization and the employment of sandboxes to the req.url user input that is passed to the server code, leading to Directory Traversal. Recommendations: For all...
CVE-2022-24414
In Dell EMC CloudLink 7.1.3 and all earlier versions, the Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access the CloudLink server. Tokens should not be used in the request URL to avoid such attac...
CVE-2022-23137
ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in the content clearing request URL, and when a user clicks the URL, an XSS attack will be triggered...
CVE-2021-43009
A Cross Site Scripting XSS vulnerability exists in OpServices OpMon through 9.11 via the search parameter in the request URL...
Privilege escalation
IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287...
CVE-2020-4912
IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287...
XStream SSRF Vulnerability
XStream is a Java class library used to serialize objects to XML and deserialize them again. XStream is free software distributed under the BSD license. XStream has an SSRF vulnerability: an attacker can exploit it by specifying the request URL in XML, which can result in SSRF...
CVE-2020-7787 Improper Authentication
This affects all versions of package react-adal. It is possible for a specially crafted JWT token and request URL to cause the nonce, session and refresh values to be incorrectly validated, causing the application to treat an attacker-generated JWT token as authentic. The logical defect is cause...
CVE-2020-25018
Envoy master between 2d69e30 and 3b5acb2 may fail to parse a request URL that requires host canonicalization...
CVE-2020-15769
An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL...
Cross site scripting
An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL...
Cross-site Request Forgery (CSRF)
jenkins is vulnerable to cross-site request forgery CSRF. The vulnerability exists as it uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL...
CVE-2020-14210
Reflected Cross-Site Scripting XSS vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to respond to Request URL information when blocking...
Cross site scripting
Reflected Cross-Site Scripting XSS vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to respond to Request URL information when blocking...