CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11967 matches found

OSV•added 2023/02/11 12:45 p.m.•9 views

MAL-2023-1647 Malicious code in beutifulsoup (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx f1dfa0882ee26c021dbe459f69acb1c31a8f6141b5df94313b6e806deb2027ee Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9AI score

Exploits0References1

OSV•added 2023/02/11 11:57 a.m.•10 views

MAL-2023-2178 Malicious code in requestts-toolbelt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx a4daf428d7a1ca554f27713fe270eabb55b71597caedb7fe37bd3236965b5279 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9AI score

Exploits0References1

OSV•added 2023/02/11 11:57 a.m.•6 views

MAL-2023-2184 Malicious code in reuests-toolbelt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 100905361a4d05b301a6121d029f5fd00b33b0869f84341bf0b8bf7d414308cc Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9AI score

Exploits0References1

OSV•added 2023/02/10 8:15 p.m.•11 views

MAL-2023-2214 Malicious code in scikit-learnn (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 035554ad094b61a66ba40c4b40441e8af4e7cb3f862f7df3e25633af52cf3569 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9AI score

Exploits0References1

OSV•added 2023/02/10 8:15 p.m.•7 views

MAL-2023-2222 Malicious code in scikt-learn (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 1e9bef88276a424a966a4c39baf6f4fa094eb263ed757a8082a71a36d4860b5e Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9AI score

Exploits0References1

OSV•added 2023/02/10 5:30 p.m.•11 views

MAL-2023-2227 Malicious code in scray (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx fbb35bf10c3af095dc9ea6ef91b21512b9453d7dcc84bb8d0d80d50f8ee3f044 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9AI score

Exploits0References1

OSV•added 2023/02/10 12:45 p.m.•8 views

MAL-2023-1635 Malicious code in beautiifulsoup4 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx f1d72d2bcf09333bf15599a8da6727f5b3a66a8acabe720f81e3fd1532eb2a13 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9AI score

Exploits0References1

OSV•added 2023/02/10 12:42 p.m.•10 views

MAL-2023-1692 Malicious code in coloraa (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 457e6379b8bd37c651314a62416a57bea0f7bc6e21903473442219a67440628b Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9AI score

Exploits0References1

OSV•added 2023/02/09 7:9 p.m.•7 views

MAL-2023-2462 Malicious code in yfniance (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 1a8f0724e257a37153444c6747aeef306ff749d14643666aa8bdc8d0b7707d90 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9AI score

Exploits0References1

Code423n4•added 2023/02/09 12:0 a.m.•10 views

Upgraded Q -> 3 from #510 [1675932827359]

Judge has assessed an item in Issue 510 as 3 risk. The relevant finding follows: In red are the state transitions that can only be performed with special privileges recreateMinipool: The following transitions will be performed Withdrawable-PreLaunch Error-PreLaunch createMinipool: will perform th...

6.7AI score

Exploits0

OSV•added 2023/02/08 10:36 p.m.•10 views

GHSA-PWCW-6F5G-GXF8 Helm vulnerable to information disclosure via getHostByName Function

A Helm contributor discovered an information disclosure vulnerability using the getHostByName template function. Impact getHostByName is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the...

4.3CVSS4.5AI score0.00762EPSS

Exploits1References6

Openbugbounty•added 2023/02/03 6:47 a.m.•15 views

soybase.org Cross Site Scripting vulnerability OBB-3177433

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score

Exploits0

Code423n4•added 2023/02/01 12:0 a.m.•9 views

mint() function logic will break with fee-on-transfer(deflationary) tokens

Lines of code Vulnerability details Impact with deflationary token mint function never succeed Proof of Concept mint function checking if balanceAfter totalLiquidity revert CompleteUtilizationError; // next check is for the case when liquidity is borrowed but then was completely accrued if...

6.8AI score

Exploits0

Code423n4•added 2023/01/31 12:0 a.m.•9 views

Successful get balance request to victim contract from attack contract and also costing the victim contract gas fees

Lines of code Vulnerability details Impact Successful get balance request to victim contract from attack contract and also costing the victim contract gas fees One can view the balance of the victim's contract without permission. URL:...

7.1AI score

Exploits0

Code423n4•added 2023/01/30 12:0 a.m.•6 views

mintReceipt could mint receipt after endtime.

Lines of code Vulnerability details Impact mintReceipt could mint receipt after endtime. If owner execute withdrawRemainingTokens user’s receipt that mint after endtime can’t claim. Proof of Concept function withdrawRemainingTokensaddress to public override onlyOwner...

7.1AI score

Exploits0

Fedora•added 2023/01/29 1:35 a.m.•22 views

[SECURITY] Fedora 37 Update: rust-rd-hashd-2.1.2-7.fc37

Latency-sensitive pseudo workload for resctl-demo...

7.8CVSS8AI score0.00782EPSS

Exploits0

Fedora•added 2023/01/29 1:35 a.m.•46 views

[SECURITY] Fedora 37 Update: rust-exa-0.10.1-9.fc37

exa is a modern replacement for the command-line program ls that ships with Unix and Linux operating systems, with more features and better defaults. It uses colours to distinguish file types and metadata. It knows about symlinks, extended attributes, and Git. And it=EF=BF=BD=EF=BF =BD=EF=BF=BDs...

7.8CVSS7.4AI score0.00782EPSS

Exploits0

wpexploit•added 2023/01/23 12:0 a.m.•517 views

Pinpoint Booking System < 2.9.9.2.9 - Subscriber+ SQLi

The plugin does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks. Note: A Calendar is needed if there is not one already. Run the below command in the develope...

8.8CVSS9.1AI score0.00937EPSS

Exploits2

Code423n4•added 2023/01/19 12:0 a.m.•3 views

A user can use the same proof for a commitment more than 1 time

Lines of code Vulnerability details Impact A user can use the same commitment signature and merkleData more than 1 time to obtain another loan. Proof of Concept A user needs to make some procedures to take a loan against an NFT. Normally the user calls commitToLiens in AstariaRouter.sol providing...

6.7AI score

Exploits0