
1088 matches found

Vulnrichment
added 2023/01/09 2:12 p.m. · 7 views

CVE-2023-22477 Mercurius is vulnerable to denial of service (DoS) when using subscriptions

Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...

CVSS 5.3 · AI score 6.4 · EPSS 0.01056
Exploits 1 · References 3
Cvelist
added 2023/01/09 2:12 p.m. · 16 views

CVE-2023-22477 Mercurius is vulnerable to denial of service (DoS) when using subscriptions

Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...

CVSS 5.3 · AI score 7.6 · EPSS 0.01056
Exploits 1 · References 3
OSV
added 2023/01/09 2:12 p.m. · 21 views

CVE-2023-22477 Mercurius is vulnerable to denial of service (DoS) when using subscriptions

Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...

CVSS 5.3 · AI score 7.3 · EPSS 0.01056
Exploits 1 · References 5
Prion
added 2022/12/14 9:15 p.m. · 19 views

Design/Logic Flaw

An issue was discovered in the fpnewsletter aka Newsletter subscriber management extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people...

CVSS 6.4 · AI score 9.1 · EPSS 0.00651
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2022/12/14 12:0 a.m. · 5 views

CVE-2022-47408

An issue was discovered in the fpnewsletter aka Newsletter subscriber management extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people...

CVSS 9.1 · AI score 9.2 · EPSS 0.00651
Exploits 0 · References 1
CNNVD
added 2022/12/14 12:0 a.m. · 2 views

TYPO3 security vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 fpnewsletter, which stems from the fact that its CAPTCHA can be bypassed leading to many subscriptions...

CVSS 9.1 · AI score 8.1 · EPSS 0.00651
Exploits 0 · References 3
CVE
added 2022/12/14 12:0 a.m. · 64 views

CVE-2022-47408

CVE-2022-47408 – TYPO3 fp_newsletter CAPTCHA bypass is documented across multiple sources. The vulnerability affects the fp_newsletter (Newsletter subscriber management) extension for TYPO3, with affected versions ranging from 1.0 through 1.1.0, 1.2.0, 2.0 through 2.1.1, 2.2.1 through 2.4.0, and ...

CVSS 9.1 · AI score 9.1 · EPSS 0.00651
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2022/11/16 12:0 a.m. · 4 views

BACKCLICK security vulnerability

BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional version 5.9.63, which stems from the use of consecutive IDs in the validation link, the...

CVSS 5.3 · AI score 5.8 · EPSS 0.00612
Exploits 1 · References 4
Positive Technologies
added 2022/11/16 12:0 a.m. · 4 views

PT-2022-27067 · Unknown · Backclick Professional

Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered in the newsletter sign-up functionality due to the use of consecutive IDs in verification links. This allows for the enumeration of subscribers' e-mail addresses...

CVSS 5.3 · AI score 7.2 · EPSS 0.00612
Exploits 1 · References 6
Vulnrichment
added 2022/11/16 12:0 a.m. · 8 views

CVE-2022-44005

An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers' e-mail addresses. Furthermore, it is possible to subscribe and verify other persons' e-mail...

AI score 6.8 · EPSS 0.00612
Exploits 1 · References 2
Kitploit
added 2022/10/11 11:30 a.m. · 25 views

Monkey365 - Tool For Security Consultants To Easily Conduct Not Only Microsoft 365, But Also Azure Subscriptions And Azure Active Directory Security Configuration Reviews

Monkey365 is an Open Source security tool that can be used to easily conduct not only Microsoft 365, but also Azure subscriptions and Azure Active Directory security configuration reviews without the significant overhead of learning tool APIs or complex admin panels from the start. To help with...

AI score 7
Exploits 0 · References 5
OSV
added 2022/09/15 3:35 a.m. · 4 views

GHSA-FPH9-F5R6-VHQF Eclipse Milo vulnerable to Resource Exhaustion (Denial of Service)

Impact Denial of Service Details OPC UA specification describes a concept named Subscriptions. Subscriptions monitor a set of Monitored Items for Notifications and return them to the Client in response to Publish requests. The server notifies the client about changes only in case the value is...

CVSS 7.5 · AI score 7.1 · EPSS 0.00981
Exploits 0 · References 7
CNNVD
added 2022/09/05 12:0 a.m. · 3 views

WordPress plugin Simple Payment Donations & Subscriptions cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVSS 7.2 · AI score 6.7 · EPSS 0.00568
Exploits 2 · References 2
vulnersOsv
added 2022/09/01 6:51 p.m. · 3 views

cizohosubscriptions (>=1.0.1 <=1.0.2), code-challenge (>=0.1.0.2 <=0.1.0.8) +7 more potentially affected by CVE-2022-39227 via python-jwt (>=3.2.4 <=3.3.0)

python-jwt PYPI version =3.2.4, =1.0.1, =0.1.0.2, =6.0.0a1, =0.0.3, =1.0.1, =2.0.5, =2.0.6, =2.0.7 - zoho-subscriptions =1.0.1 Source cves: CVE-2022-39227 Source advisory: OSV:PYSEC-2022-259...

CVSS 9.1 · AI score 7.2 · EPSS 0.03558
Exploits 2
ATTACKERKB
added 2022/08/05 4:15 p.m. · 2 views

CVE-2022-2498

An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author...

CVSS 7.5 · AI score 7.1 · EPSS 0.00685
Exploits 0 · References 4 · Affected Software 1
NVD
added 2022/08/05 4:15 p.m. · 19 views

CVE-2022-2498

An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author...

CVSS 7.5 · EPSS 0.00685
Exploits 0 · References 3
UbuntuCve
added 2022/08/05 4:15 p.m. · 23 views

CVE-2022-2498

An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author...

CVSS 7.5 · AI score 7.1 · EPSS 0.00685
Exploits 0 · References 1
Prion
added 2022/08/05 4:15 p.m. · 13 views

Code injection

An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author...

CVSS 5 · AI score 7.3 · EPSS 0.00685
Exploits 0 · References 3 · Affected Software 1
OSV
added 2022/08/05 4:15 p.m. · 0 views

UBUNTU-CVE-2022-2498

An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author...

CVSS 7.5 · AI score 5.8 · EPSS 0.00685
Exploits 0 · References 2
Cvelist
added 2022/08/05 3:10 p.m. · 32 views

CVE-2022-2498

An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author...

CVSS 6.4 · AI score 7.5 · EPSS 0.00685
Exploits 0 · References 3