CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7077 matches found

Tenable Nessus•added 2024/02/12 12:0 a.m.•38 views

Rocky Linux 8 : tomcat (RLSA-2024:0539)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:0539 advisory. - Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82...

7.5CVSS6.9AI score0.02651EPSS

Exploits0References3

Talos Blog•added 2024/02/08 1:0 p.m.•30 views

New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization

By Jungsoo An, Wayne Lee and Vanja Svajcer. Cisco Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named...

8.2AI score

Exploits0

GithubExploit•added 2024/02/08 7:3 a.m.•531 views

Exploit for Injection in Vm2_Project Vm2

CVE-2023-30547 This is a Proof-of-Concept to CVE-2023-30547 h...

10CVSS9.3AI score0.72087EPSS

Exploits5

Kitploit•added 2024/02/07 11:30 a.m.•41 views

BounceBack - Stealth Redirector For Your Red Team Operation Security

BounceBack is a powerful, highly customizable and configurable reverse proxy with WAF functionality for hiding your C2/phishing/etc infrastructure from blue teams, sandboxes, scanners, etc. It uses real-time traffic analysis through various filters and their combinations to hide your tools from...

6.9AI score

Exploits0References11

NVD•added 2024/02/06 8:15 a.m.•31 views

CVE-2023-32479

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by...

7.8CVSS6.9AI score0.00087EPSS

Exploits3References1

OSV•added 2024/02/06 8:15 a.m.•1 views

CVE-2023-32479

7.8CVSS5.8AI score0.00087EPSS

Exploits3References1

Prion•added 2024/02/06 8:15 a.m.•21 views

Privilege escalation

4.3CVSS7.5AI score0.00087EPSS

Exploits3References1Affected Software3

Vulnrichment•added 2024/02/06 8:9 a.m.•19 views

CVE-2023-32479

6.7CVSS7.7AI score0.00087EPSS

Exploits3References1

Tenable Nessus•added 2024/02/06 12:0 a.m.•40 views

Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2024-017)

The version of tomcat installed on the remote host is prior to 8.5.69-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2024-017 advisory. 2024-02-15: CVE-2021-30640 was added to this advisory. 2024-02-15: CVE-2021-33037 was added to this advisory. A...

6.5CVSS7.3AI score0.75353EPSS

Exploits4References8

Tenable Nessus•added 2024/02/05 12:0 a.m.•36 views

Fedora 39 : python-aiohttp (2024-f249b74f03)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f249b74f03 advisory. Security update for CVE-2024-23334 and CVE-2024-23829 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.2...

7.5CVSS7.3AI score0.76875EPSS

Exploits16References3

Packet Storm•added 2024/02/02 12:0 a.m.•272 views

WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution

Exploit Title: WebCatalog 48.4 - Arbitrary Protocol Execution Date: 9/27/2023 Exploit Author: ItsSixtyN3in Vendor Homepage: https://webcatalog.io/en/ Software Link: https://cdn-2.webcatalog.io/webcatalog/WebCatalog%20Setup%2052.3.0.exe Version: 48.4.0 Tested on: Windows CVE : CVE-2023-42222...

8.8CVSS7.4AI score0.01418EPSS

Exploits4

IBM Security Bulletins•added 2024/01/31 1:40 p.m.•21 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to snappy-java information disclosure vulnerabilitiy [CVE-2023-20883]

Summary Potential VMware Tanzu Spring Boot denial of service, vulnerability caused by a flaw when Spring MVC is used together with a reverse proxy cache have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details fo...

7.5CVSS8.2AI score0.00904EPSS

Exploits0Affected Software1

SUSE CVE•added 2024/01/31 2:54 a.m.•4 views

SUSE CVE-2024-23334

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...

5.9CVSS6.8AI score0.76875EPSS

Exploits15References4

RedhatCVE•added 2024/01/30 9:21 a.m.•37 views

CVE-2024-23334

A flaw was found in aiohttp. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symbolic links outside the static root directory. When...

5.9CVSS6.7AI score0.76875EPSS

Exploits15References4

OSV•added 2024/01/29 11:15 p.m.•5 views

AZL-43552 CVE-2024-23334 affecting package python-aiohttp 3.6.2-3

7.5CVSS6.6AI score0.76875EPSS

Exploits15References1

OSV•added 2024/01/29 11:15 p.m.•1 views

DEBIAN-CVE-2024-23334

7.5CVSS6.7AI score0.76875EPSS

Exploits15References1

NVD•added 2024/01/29 11:15 p.m.•23 views

CVE-2024-23334