CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8429 matches found

Veracode•added 2022/01/15 12:19 a.m.•40 views

Authorization Bypass

Google Chrome is vulnerable to authorization bypass. This is because the insufficient policy enforcement in background fetch in prior to 96.0.4664.45 allows a remote attacker to bypass same origin policy via a crafted HTML page...

8.8CVSS3.4AI score0.00805EPSS

Exploits0References6Affected Software2

Huntr•added 2022/01/12 6:23 a.m.•21 views

Exposure of Sensitive Information to an Unauthorized Actor in feross/simple-get

BUG ====== Cookie header leaked to third party site and it allow to hijack victim account SUMMURY ============ When fetching a remote url with Cookie if it get Location response header then it will follow that url and try to fetch that url with provided cookie . So cookie is leaked here to...

5CVSS8.1AI score0.02024EPSS

Exploits1

Huntr•added 2022/01/06 12:21 p.m.•28 views

in lquixada/cross-fetch

4CVSS0.0112EPSS

Exploits1

Huntr•added 2022/01/05 3:9 p.m.•28 views

in follow-redirects/follow-redirects

4.3CVSS0.2AI score0.02426EPSS

Exploits2

OSV•added 2022/01/04 4:15 p.m.•4 views

CVE-2022-20022

In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. Use...

6.5CVSS6.7AI score0.00267EPSS

Exploits0References1

ATTACKERKB•added 2022/01/04 4:15 p.m.•5 views

CVE-2022-20022

6.5CVSS6.8AI score0.00267EPSS

Exploits0References2

wpexploit•added 2022/01/04 12:0 a.m.•131 views

Futurio Extra < 1.6.3 - Authenticated SQL Injection

The plugin is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting XSS against logged in admins by making send open a malicious link Using SQLi to extract database variables:...

4CVSS0.2AI score0.00832EPSS

Exploits2

Tenable Nessus•added 2022/01/04 12:0 a.m.•46 views

Debian DLA-2874-1 : thunderbird - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2874 advisory. - During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash...

10CVSS8.5AI score0.0383EPSS

Exploits0References51

Tenable Nessus•added 2022/01/03 12:0 a.m.•38 views

Debian DSA-5034-1 : thunderbird - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5034 advisory. Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code, spoofing, information disclosure, downgrade...

10CVSS7.6AI score0.0383EPSS

Exploits0References52

Tenable Nessus•added 2021/12/29 12:0 a.m.•48 views

Debian DLA-2863-1 : firefox-esr - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2863 advisory. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information...

10CVSS7.7AI score0.0383EPSS

Exploits0References37

Huntr•added 2021/12/27 3:26 a.m.•11 views

Cross-Site Request Forgery (CSRF) in thorsten/phpmyfaq

Description Hi there phpmyfaq team, I would like to report a Cross site request Forgery in phpmyfaq. It is in publishing question. Cross-site request forgery also known as CSRF is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to...

6.9AI score

Exploits0References1

OSV•added 2021/12/23 1:15 a.m.•4 views

CVE-2021-38016