CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8429 matches found

OSV•added 2022/02/02 11:15 a.m.•1 views

CVE-2021-36177

An improper access control vulnerability CWE-284 in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database...

4.3CVSS5.8AI score

Exploits0References1

Prion•added 2022/02/01 1:15 p.m.•24 views

Type confusion

The checkprivacysettings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web...

6.8CVSS9.2AI score0.02085EPSS

Exploits2References1Affected Software1

Cvelist•added 2022/02/01 12:21 p.m.•24 views

CVE-2021-24814 WordPress GDPR & CCPA < 1.9.26 - Authenticated Reflected Cross-Site Scripting

9.5AI score0.02085EPSS

Exploits2References1

Huntr•added 2022/01/30 2:41 a.m.•12 views

Cross-site Scripting (XSS) - Stored in liangliangyy/djangoblog

Description Hi there, I would like to report a stored Cross Site Scripting vulnerability in djangoblog source code. Cross-site scripting also known as XSS is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allow...

0.8AI score

Exploits0References1

OpenVAS•added 2022/01/28 12:0 a.m.•24 views

Mageia: Security Advisory (MGASA-2019-0211)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.8AI score0.20271EPSS

Exploits2References5

OpenVAS•added 2022/01/28 12:0 a.m.•18 views

Mageia: Security Advisory (MGASA-2021-0505)

10CVSS7.8AI score0.0383EPSS

Exploits0References5

OpenVAS•added 2022/01/28 12:0 a.m.•29 views

Mageia: Security Advisory (MGASA-2019-0213)

9.8CVSS8.2AI score0.20271EPSS

Exploits4References7

OpenVAS•added 2022/01/28 12:0 a.m.•22 views

Mageia: Security Advisory (MGASA-2019-0268)

9.8CVSS7.7AI score0.0216EPSS

Exploits2References12

OpenVAS•added 2022/01/28 12:0 a.m.•19 views

Mageia: Security Advisory (MGASA-2014-0521)

10CVSS6.4AI score0.20356EPSS

Exploits2References6

OpenVAS•added 2022/01/28 12:0 a.m.•20 views

Mageia: Security Advisory (MGASA-2019-0275)

9.3CVSS7.1AI score0.0216EPSS

Exploits1References4

OpenVAS•added 2022/01/28 12:0 a.m.•23 views

Mageia: Security Advisory (MGASA-2018-0483)

9.8CVSS7.6AI score0.09646EPSS

Exploits0References5

OpenVAS•added 2022/01/28 12:0 a.m.•29 views

Mageia: Security Advisory (MGASA-2015-0062)

7.5CVSS9.6AI score0.02854EPSS

Exploits0References6

OpenVAS•added 2022/01/28 12:0 a.m.•19 views

Mageia: Security Advisory (MGASA-2019-0285)

9.3CVSS7.6AI score0.0216EPSS

Exploits1References5

OpenVAS•added 2022/01/28 12:0 a.m.•28 views

Mageia: Security Advisory (MGASA-2014-0036)

10CVSS9AI score0.07072EPSS

Exploits7References13

OpenVAS•added 2022/01/28 12:0 a.m.•41 views

Mageia: Security Advisory (MGASA-2013-0248)

10CVSS9AI score0.40118EPSS

Exploits14References11

WPVulnDB•added 2022/01/26 12:0 a.m.•24 views

WordPress GDPR & CCPA < 1.9.26 - Authenticated Reflected Cross-Site Scripting

The checkprivacysettings AJAX action of the plugin, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript...

9.6CVSS0.02085EPSS

Exploits2Affected Software1

CNVD•added 2022/01/21 12:0 a.m.•9 views

F5 BIG-IP APM Access Control Error Vulnerability (CNVD-2022-26840)

F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. F5 BIG-IP APM suffers from an Access Control Error vulnerability that arises from a connection to the BIG-IP Edge Client on Mac and Windows wh...

5.3CVSS6.7AI score0.00404EPSS

Exploits0References1

ThreatPost•added 2022/01/20 4:50 p.m.•19 views

Pervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs

A security vulnerability in Apple’s browsers for macOS, iOS and iPadOS can lead to information disclosure, researchers have warned. Apple has just marked the issue as “resolved,” but it will take some time for the fixes to roll out, they said, so users should implement mitigations. According to...

5.7AI score

Exploits0References5

CNNVD•added 2022/01/20 12:0 a.m.•3 views

F5 BIG-IQ 访问控制错误漏洞

F5 BIG-IQ is a software-based cloud management solution from F5 USA. The solution supports the deployment of application delivery and web services across public and private clouds, traditional data centers, and hybrid environments.An access control error vulnerability exists in the F5 BIG-IQ...

9CVSS5.7AI score0.01112EPSS

Exploits0References4

The Hacker News•added 2022/01/16 11:9 a.m.•33 views

New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking

A software bug introduced in Apple Safari 15's implementation of the IndexedDB API could be abused by a malicious website to track users' online activity in the web browser and worse, even reveal their identity. The vulnerability, dubbed IndexedDB Leaks, was disclosed by fraud protection software...

0.1AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by