1273 matches found
Exploit for Use of Hard-coded Credentials in Solarwinds Web_Help_Desk
Description: The SolarWinds Web Help Desk (WHD) software is...
DEBIAN-CVE-2024-45306
Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop ...
CVE-2024-20089
In wlan, there is a possible denial of service due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08861558; Issue ID: MSV-1526...
CVE-2023-49198
MySQL security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL: allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360. This issue affects Apache SeaTunnel: 1.0.0. Users...
PT-2024-8567 · Adobe · InDesign
Name of the Vulnerable Software and Affected Versions: Adobe InDesign versions ID18.5.2 and earlier; Adobe InDesign version ID19.4. Description: The issue is related to a heap-based buffer overflow in dynamic memory, which could allow an attacker to execute arbitrary code. Exploitation of this issu...
PT-2024-18813 · WordPress · Remote Content Shortcode
Name of the Vulnerable Software and Affected Versions: Remote Content Shortcode plugin for WordPress versions up to, and including, 1.5. Description: The issue allows authenticated attackers with contributor-level access and above to make web requests to arbitrary locations originating from the we...
SUSE CVE-2024-38528
ntpd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such ...
PT-2024-12490 · IBM · IBM Security QRadar EDR
Name of the Vulnerable Software and Affected Versions: IBM Security QRadar EDR version 3.12. Description: A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. This issue allows for HTML...
CGA-R3C7-44CM-2PR4
Bulletin has no description...
CGA-GMX5-7VHC-85F8
Bulletin has no description...
CVE-2024-6387: regreSSHion RCE in OpenSSH Vulnerability
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are n...
CVE-2024-20080
In gnss service, there is a possible escalation of privilege due to improper certificate validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08720039; Issue ID: MSV-1424...
CVE-2024-20081
In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08719602; Issue ID: MSV-1412...
Security Bulletin: IBM Resilient SOAR is vulnerable to command injection (CVE-2024-38319)
Summary: It was possible for a privileged user to inject malicious commands that could be executed as another user. This issue has been addressed. Vulnerability Details: CVEID: CVE-2024-38319. DESCRIPTION: IBM Security SOAR could allow an authenticated user to execute malicious code loaded from a...
CGA-25XR-Q758-V6Q8
Bulletin has no description...
CGA-XVM9-7MPM-M47W
Bulletin has no description...
CGA-VPGJ-8F5X-8QQ3
Bulletin has no description...
CGA-PFXP-4H34-FF67
Bulletin has no description...
CGA-JMC5-CM48-56PP
Bulletin has no description...
CGA-H27F-7F4M-7V88
Bulletin has no description...