Lucene search

332 matches found

ATTACKERKB
added 2022/08/27 9:15 p.m. | views: 1

CVE-2022-38794

Zaver through 2020-12-15 allows directory traversal via the GET /.. substring...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.49013
Exploits: 1 | References: 3

CNNVD
added 2022/08/27 12:0 a.m. | views: 1

Zaver path traversal vulnerability

Zaver is a fast and efficient HTTP server for individual developers. A security vulnerability exists in Zaver version 2020-12-15 and earlier that stems from allowing directory traversal via substrings...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.49013
Exploits: 1 | References: 2

OSV
added 2022/05/17 12:53 a.m. | views: 13

GHSA-2M9R-PM7Q-WR6F GeniXCMS denial of service (account blockage)

GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service account blockage by leveraging the mishandling of certain username substring relationships, such as the admin username versus the admin username, related to register.php, User.class.php, and Type.class.php...

CVSS: 5.3 | AI score: 5.2 | EPSS: 0.00608
Exploits: 1 | References: 5

OSV
added 2022/03/28 2:15 a.m. | views: 19

CVE-2021-44212

OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring...

CVSS: 6.1 | AI score: 5.8
Exploits: 0 | References: 2

NVD
added 2021/12/13 4:15 a.m. | views: 7

CVE-2021-40857

Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring...

CVSS: 8.8 | EPSS: 0.01393
Exploits: 4 | References: 3

0day.today
added 2021/10/19 12:0 a.m. | views: 329

Online Motorcycle (Bike) Rental System 1.0 - Blind Time-Based SQL Injection Exploit

Exploit Title: Online Motorcycle Bike Rental System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Chase ComardelleCASO Vendor Homepage: https://www.sourcecodester.com/php/14989/online-motorcycle-bike-rental-system-phpoop-source-code.html Software Link:...

AI score: 7.4
Exploits: 0

CNNVD
added 2021/10/11 12:0 a.m. | views: 1

Suse Check_smart input validation error vulnerability

Suse Checksmart is a monitoring plugin from Suse Luxembourg. It is used to monitor the value of the Smart Self-Monitoring, Analysis and Reporting Technology attribute of hard and solid state drives in the background using Smartmontool's Smartctl. A security vulnerability exists in versions of...

CVSS: 7.1 | AI score: 7.1 | EPSS: 0.00124
Exploits: 1 | References: 5

NVD
added 2021/05/24 8:15 p.m. | views: 5

CVE-2021-33525

EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution by authenticated users via shell metacharacters in the nagiospath parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell...

CVSS: 9 | EPSS: 0.06734
Exploits: 1 | References: 2

PyPA
added 2021/05/14 8:15 p.m. | views: 4

PYSEC-2021-743

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via CHECK-fail in tf.strings.substr with invalid arguments. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3,...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.0002
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2021/05/14 8:15 p.m. | views: 0

PYSEC-2021-743

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via CHECK-fail in tf.strings.substr with invalid arguments. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3,...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.0002
Exploits: 1 | References: 4

OSV
added 2021/02/22 2:15 a.m. | views: 1

DEBIAN-CVE-2021-26120

Smarty before 3.1.39 allows code injection via an unexpected function name after a function name= substring...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.7558
Exploits: 1 | References: 1

OSV
added 2021/02/22 2:15 a.m. | views: 0

UBUNTU-CVE-2021-26120

Smarty before 3.1.39 allows code injection via an unexpected function name after a function name= substring...

CVSS: 9.8 | AI score: 6.6 | EPSS: 0.7558
Exploits: 1 | References: 6

Prion
added 2021/01/17 8:15 p.m. | views: 8

Design/Logic Flaw

An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability in the login page allows an attacker to craft a URL, with a constructor.constructor substring in the username field, that executes a payload when the user visits the /Account/Login page...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00359
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2021/01/12 8:15 a.m. | views: 1

CVE-2020-24700

OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring...

CVSS: 5.4 | AI score: 5.9
Exploits: 0 | References: 4

RedHat Linux
added 2020/12/08 8:55 a.m. | views: 1

hawtio: server side request forgery via initial /proxy/ substring of a URI

Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.00825
Exploits: 3 | References: 4

Veracode
added 2020/10/29 9:51 p.m. | views: 22

Authentication Bypass

gosa is vulnerable to authentication bypass. An attacker is able to authenticate as any user using a username containing the case-insensitive substring success with an arbitrary password...

CVSS: 9.8 | AI score: 3.9 | EPSS: 0.00375
Exploits: 0 | References: 2 | Affected Software: 1

PyPA
added 2020/10/17 8:15 p.m. | views: 8

PYSEC-2020-59

DISPUTED TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the nonetwork setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxm...

CVSS: 9.8 | AI score: 7 | EPSS: 0.0046
Exploits: 2 | References: 4 | Affected Software: 1

Microsoft CVE
added 2020/08/18 12:0 a.m. | views: 1

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

...

CVSS: 5.3 | AI score: 7 | EPSS: 0.0023
Exploits: 0

OSV
added 2020/06/15 5:15 p.m. | views: 1

DEBIAN-CVE-2020-14155

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a ?C substring...

CVSS: 5.3 | AI score: 6.6 | EPSS: 0.0023
Exploits: 0 | References: 1

OSV
added 2020/06/15 5:15 p.m. | views: 1

ALPINE-CVE-2020-14155

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a ?C substring...

CVSS: 5.3 | AI score: 7.2 | EPSS: 0.0023
Exploits: 0 | References: 1