CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6723 matches found

RedhatCVE•added 2022/10/14 5:29 a.m.•108 views

CVE-2022-3140

A vulnerability was found in LibreOffice that affects the Office URI Schemes. These schemes enable browser integration of LibreOffice with the MS SharePoint server. In LibreOffice, the links using the scheme 'vnd.libreoffice.command' could be constructed to call internal macros with arbitrary...

5.3CVSS2.2AI score0.04354EPSS

Exploits0References4

CNNVD•added 2022/10/14 12:0 a.m.•5 views

Gin-Vue-Admin 代码问题漏洞

Gin-Vue-Admin is a full-stack pre-development infrastructure platform based on Vue and Gin development. A code issue vulnerability exists in Gin Vue Admin version v2.5.1 through v2.5.3beta, which stems from not restricting file upload functionality. An attacker can exploit this vulnerability to...

9CVSS8.5AI score0.00946EPSS

Exploits1References3

Tenable Nessus•added 2022/10/14 12:0 a.m.•46 views

SAP BusinessObjects Business Intelligence Platform 4.2 < 4.2 SP9 P10 / 4.3 < 4.3 SP2 P6 Multiple Vulnerabilities

The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is prior to 4.2 SP9 P10, 4.3 SP2 P6 or 4.3 SP3. It is, therefore, affected by multiple vulnerabilities: - Under certain conditions an authenticated attacker can get access to OS credentials...

7.6CVSS6.6AI score0.00601EPSS

Exploits0References7

Debian CVE•added 2022/10/13 12:0 a.m.•94 views

CVE-2022-42889

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation...

9.8CVSS8.8AI score0.99931EPSS

Exploits41

Vulnrichment•added 2022/10/13 12:0 a.m.•4 views

CVE-2022-35612

A cross-site scripting XSS vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field...

5.3AI score0.00438EPSS

Exploits1References1

Tenable Nessus•added 2022/10/13 12:0 a.m.•31 views

Debian DSA-5252-1 : libreoffice - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5252 advisory. - LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific t...

6.3CVSS6.6AI score0.04354EPSS

Exploits0References5

NVD•added 2022/10/11 9:15 p.m.•14 views

CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

6.3CVSS0.04354EPSS

Exploits0References5

OSV•added 2022/10/11 9:15 p.m.•4 views

CVE-2022-3140

6.3CVSS7.2AI score0.04354EPSS

Exploits0References5

OSV•added 2022/10/11 9:15 p.m.•4 views

CVE-2022-39800

SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited...

6.1CVSS5.9AI score0.00583EPSS

Exploits0References2

Prion•added 2022/10/11 9:15 p.m.•136 views

Design/Logic Flaw

6.8CVSS6.3AI score0.04354EPSS

Exploits0References5Affected Software3

Prion•added 2022/10/11 9:15 p.m.•18 views

Design/Logic Flaw

5.8CVSS6.2AI score0.00583EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2022/10/11 9:15 p.m.•5 views

CVE-2022-3140

6.3CVSS6.7AI score0.04354EPSS

Exploits0References7Affected Software1

ATTACKERKB•added 2022/10/11 9:15 p.m.•1 views

CVE-2022-39800

6.1CVSS6AI score0.00583EPSS

Exploits0References3Affected Software1

OSV•added 2022/10/11 9:15 p.m.•1 views

UBUNTU-CVE-2022-3140

6.3CVSS7.3AI score0.04354EPSS

Exploits0References5

Japan Vulnerability Notes•added 2022/10/11 8:49 a.m.•2 views

bingo!CMS vulnerable to authentication bypass

Overview bingo!CMS provided by Shift Tech Inc. contains an authentication bypass vulnerability CWE-288 in some of the management functions. Shift Tech Inc. states that attacks exploiting this vulnerability have been observed. Shift Tech Inc. reported this vulnerability to IPA to notify users of i...

9.8CVSS7.3AI score0.01078EPSS

Exploits0References7

VulnCheck KEV•added 2022/10/11 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-42458

Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered...

9.8CVSS7.2AI score0.01078EPSS

Exploits0References1

CVE•added 2022/10/11 12:0 a.m.•1391 views

CVE-2022-3140

CVE-2022-3140 affects The Document Foundation LibreOffice: 7.4.x before 7.4.1 and 7.3.x before 7.3.6. Root cause is insufficient validation of the vnd.libreoffice.command URI scheme, which could be used to call internal macros with arbitrary arguments. When a user clicks the crafted link or a doc...

6.3CVSS7.3AI score0.04354EPSS

Exploits0References5Affected Software1

Positive Technologies•added 2022/10/11 12:0 a.m.•3 views

PT-2022-24998 · Sap · Sap Businessobjects Bi Launchpad

Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects BI LaunchPad versions 420, 430 Description: The issue is related to improper sanitization of user inputs, allowing an unauthenticated attacker to execute scripts. This can lead to viewing or modifying information, causing ...

6.1CVSS6.3AI score0.00583EPSS

Exploits0References5