CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

In KioWare for Windows versions all through 8.34 it is possible to exit this software and use other already opened applications utilizing a short time window before the forced automatic logout occurs. Then, by using some built-in function of these applications, one may launch any other programs. ...

7CVSS5.8AI score0.00084EPSS

Exploits0References3

RedHat Linux•added 2024/04/30 9:50 a.m.•2 views

xorg-x11-server: SELinux unlabeled GLX PBuffer

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource as with a GetGeometry or when it creates another resource that needs to access that buffer, such as...

5.5CVSS5.8AI score0.00017EPSS

Exploits0References4

OSV•added 2024/04/09 2:15 p.m.•0 views

CVE-2023-6317

A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA webOS 5.5.0 - 04.50.51...

9.8CVSS5.8AI score0.00097EPSS

Exploits1References2

OSV•added 2024/03/29 2:57 p.m.•4 views

CVE-2024-29201 JumpServer's insecure Ansible playbook validation leads to RCE in Celery

JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has databas...

9.9CVSS8.9AI score0.66493EPSS

Exploits1References4

wpexploit•added 2022/09/05 12:0 a.m.•613 views

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Make a logged in admin open a page containing the HTML code below input type="text" name="ip11" value="...

4.3CVSS1.2AI score0.00112EPSS

Exploits2

OSV•added 2022/07/28 5:31 a.m.•0 views

USN-5535-1 Intel Microcode vulnerabilities

Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive information. CVE-2021-0145 Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug...

6.8CVSS6.8AI score0.00686EPSS

Exploits0References11

Rapid7 Blog•added 2022/07/26 5:15 p.m.•130 views

CVE-2022-35629..35632 Velociraptor Multiple Vulnerabilities (FIXED)

This advisory covers a number of issues identified in Velociraptor and disclosed by a security code review performed by Tim Goddard from CyberCX. We also thank Rhys Jenkins for working with the Velociraptor team to identify and rectify these issues. All of these identified issues have been fixed ...

0.2AI score0.00542EPSS

Exploits0

OSV•added 2022/05/12 5:15 p.m.•0 views

UBUNTU-CVE-2022-21151

Processor optimization removal or modification of security-critical code for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

5.5CVSS6.9AI score0.00054EPSS

Exploits0References6

CNNVD•added 2022/02/28 12:0 a.m.•1 views

WordPress plugin StatCounter 跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress StatCounter plugin version 2.0.7 previously had a cross-site scripting vulnerability, which originate...

4.8CVSS5.6AI score0.00206EPSS

Exploits2References4