CVE-2021-1483
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. This vulnerability is due to improper handling of XML External Entity (XXE) entries when the affected...
Security update for expat
This update for expat fixes the following issues: CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command...
CVE-2024-10964
A vulnerability classified as critical has been found in emqx neuron up to 2.10.0. Affected is the function handleaddplugin in the library cmd.library of the file plugins/restful/pluginhandle.c. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. It is...
Important: libarchive
Issue Overview: execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. (CVE-2024-48957) execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds...
Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console
The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173 does not sufficiently...
DEBIAN-CVE-2024-45796
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, a logic error during fragment reassembly can lead to failed reassembly for valid traffic. An attacker could craft packets to trigger this behavior. This iss...
GHSA-F8X4-F32R-W556 Duplicate Advisory: PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6jgw-rgmm-7cv6. This link is maintained to preserve external references. Original Advisory The family of functions to read "borrowed" values from Python weak references were fundamentally unsound, because the we...
[SECURITY] [DLA 3912-1] linux security update
Debian LTS Advisory DLA-3912-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings October 07, 2024 https://wiki.debian.org/LTS Package : linux Version : 5.10.226-1 CVE ID : CVE-2021-3669 CVE-2022-48733 CVE-2023-31083 CVE-2023-52889 CVE-2024-27397 CVE-2024-38577...
PT-2024-29431 · Cadclick · Cadclick
Name of the Vulnerable Software and Affected Versions: CADClick versions 1.11.0 and earlier Description: A reflected cross-site scripting XSS vulnerability is present in "Artikel.aspx" in CADClick, allowing remote attackers to inject arbitrary web script or HTML via the searchindex parameter. Thi...
PT-2024-38966 · WordPress · Social Web Suite – Social Media Auto Post
Name of the Vulnerable Software and Affected Versions: The Social Web Suite – Social Media Auto Post, Social Media Auto Publish plugin for WordPress versions up to, and including, 4.1.11 Description: The issue concerns a Directory Traversal vulnerability, which allows unauthenticated attackers to...
CGA-RC47-529W-379H
Bulletin has no description...
CGA-JJP3-5CMX-W4RW
Bulletin has no description...
CGA-84Q7-CGVW-43WM
Bulletin has no description...
CGA-7W94-V262-G4JV
Bulletin has no description...
CGA-4WW6-MC53-65XG
Bulletin has no description...
CGA-36X6-QHP6-M367
Bulletin has no description...
RHSA-2016:2672 Red Hat Security Advisory: chromium-browser security update
Bulletin has no description...
RHSA-2015:0009 Red Hat Security Advisory: kernel security update
Bulletin has no description...
RHSA-2010:0103 Red Hat Security Advisory: flash-plugin security update
Bulletin has no description...
RHSA-2008:0244 Red Hat Security Advisory: java-1.5.0-bea security update
Bulletin has no description...