CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6884 matches found

CNNVD•added 2022/02/08 12:0 a.m.•4 views

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a resource mishandling vulnerability that stems from the way the browser handles XSL documents. An attacker could use the vulnerability to trick a victim into loading a...

8.8CVSS8.4AI score0.00586EPSS

Exploits0References7

Huntr•added 2022/02/06 9:6 p.m.•43 views

Exposure of Sensitive Information to an Unauthorized Actor in eventsource/eventsource

Exposure of Sensitive Information to an Unauthorized Actor in EventSource/eventsource Reported on Feb 6th 2022 | Timothee Desurmont Vulnerability type: CWE-200 Bug Cookies & Authorisation headers are leaked to external sites. Description When fetching an url with a link to an external site...

5.8CVSS0.5AI score0.01686EPSS

Exploits1

Prion•added 2022/02/01 1:15 p.m.•24 views

Type confusion

The checkprivacysettings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web...

6.8CVSS9.2AI score0.02053EPSS

Exploits2References1Affected Software1

Huntr•added 2022/01/30 2:41 a.m.•12 views

Cross-site Scripting (XSS) - Stored in liangliangyy/djangoblog

Description Hi there, I would like to report a stored Cross Site Scripting vulnerability in djangoblog source code. Cross-site scripting also known as XSS is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allow...

0.8AI score

Exploits0References1

OpenVAS•added 2022/01/28 12:0 a.m.•28 views

Mageia: Security Advisory (MGASA-2014-0036)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9AI score0.07072EPSS

Exploits7References13

OpenVAS•added 2022/01/28 12:0 a.m.•18 views

Mageia: Security Advisory (MGASA-2021-0505)

10CVSS7.8AI score0.0383EPSS

Exploits0References5

OpenVAS•added 2022/01/28 12:0 a.m.•19 views

Mageia: Security Advisory (MGASA-2014-0521)

10CVSS6.4AI score0.20356EPSS

Exploits2References6

OpenVAS•added 2022/01/28 12:0 a.m.•29 views

Mageia: Security Advisory (MGASA-2015-0062)

7.5CVSS9.6AI score0.02854EPSS

Exploits0References6

OpenVAS•added 2022/01/28 12:0 a.m.•22 views

Mageia: Security Advisory (MGASA-2018-0483)

9.8CVSS7.6AI score0.09646EPSS

Exploits0References5

OpenVAS•added 2022/01/28 12:0 a.m.•19 views

Mageia: Security Advisory (MGASA-2019-0275)

9.3CVSS7.1AI score0.0216EPSS

Exploits1References4

OpenVAS•added 2022/01/28 12:0 a.m.•18 views

Mageia: Security Advisory (MGASA-2019-0285)

9.3CVSS7.6AI score0.0216EPSS

Exploits1References5

OpenVAS•added 2022/01/28 12:0 a.m.•23 views

Mageia: Security Advisory (MGASA-2019-0211)

9.8CVSS7.8AI score0.20271EPSS

Exploits2References5

OpenVAS•added 2022/01/28 12:0 a.m.•40 views

Mageia: Security Advisory (MGASA-2013-0248)

10CVSS9AI score0.40381EPSS

Exploits14References11

OpenVAS•added 2022/01/28 12:0 a.m.•29 views

Mageia: Security Advisory (MGASA-2019-0213)

9.8CVSS8.2AI score0.20271EPSS

Exploits4References7

OpenVAS•added 2022/01/28 12:0 a.m.•22 views

Mageia: Security Advisory (MGASA-2019-0268)

9.8CVSS7.7AI score0.0216EPSS

Exploits2References12

WPVulnDB•added 2022/01/26 12:0 a.m.•24 views

WordPress GDPR & CCPA < 1.9.26 - Authenticated Reflected Cross-Site Scripting

The checkprivacysettings AJAX action of the plugin, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript...

9.6CVSS0.02053EPSS

Exploits2Affected Software1

CNVD•added 2022/01/21 12:0 a.m.•9 views

F5 BIG-IP APM Access Control Error Vulnerability (CNVD-2022-26840)

F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. F5 BIG-IP APM suffers from an Access Control Error vulnerability that arises from a connection to the BIG-IP Edge Client on Mac and Windows wh...

5.3CVSS6.7AI score0.00404EPSS

Exploits0References1

ThreatPost•added 2022/01/20 4:50 p.m.•19 views

Pervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs

A security vulnerability in Apple’s browsers for macOS, iOS and iPadOS can lead to information disclosure, researchers have warned. Apple has just marked the issue as “resolved,” but it will take some time for the fixes to roll out, they said, so users should implement mitigations. According to...

5.7AI score

Exploits0References5

The Hacker News•added 2022/01/16 11:9 a.m.•33 views

New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking

A software bug introduced in Apple Safari 15's implementation of the IndexedDB API could be abused by a malicious website to track users' online activity in the web browser and worse, even reveal their identity. The vulnerability, dubbed IndexedDB Leaks, was disclosed by fraud protection software...

0.1AI score

Exploits0

Veracode•added 2022/01/15 12:19 a.m.•40 views

Authorization Bypass

Google Chrome is vulnerable to authorization bypass. This is because the insufficient policy enforcement in background fetch in prior to 96.0.4664.45 allows a remote attacker to bypass same origin policy via a crafted HTML page...

8.8CVSS3.4AI score0.00805EPSS

Exploits0References6Affected Software2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by