CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

12 matches found

Veracode•added 2023/05/01 10:35 p.m.•13 views

Remote Code Execution (RCE)

dawnsparks-node-tesseract and node-tesseract are vulnerable to Remote Code Execution RCE. Use of the exec method in tesseract.js without sanitization allows an attacker to upload and execute malicious code on the system via the image filename...

9.8CVSS9.6AI score0.04303EPSS

Exploits1References4Affected Software2

OSV•added 2022/07/26 12:1 a.m.•12 views

GHSA-W868-4576-RV24 ntesseract vulnerable to Command Injection

The package ntesseract before 0.2.9 is vulnerable to Command Injection via lib/tesseract.js...

9.8CVSS9.7AI score0.11629EPSS

Exploits1References4

Github Security Blog•added 2022/07/26 12:1 a.m.•19 views

ntesseract vulnerable to Command Injection

The package ntesseract before 0.2.9 is vulnerable to Command Injection via lib/tesseract.js...

9.8CVSS9.3AI score0.11629EPSS

Exploits1References4Affected Software1

NVD•added 2022/07/25 2:15 p.m.•8 views

CVE-2020-28446

The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js...

9.8CVSS0.11629EPSS

Exploits1References2

OSV•added 2022/07/25 2:15 p.m.•12 views

CVE-2020-28446

The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js...

9.8CVSS9.7AI score

Exploits0References2

Prion•added 2022/07/25 2:15 p.m.•10 views

Command injection

The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js...

7.5CVSS9.7AI score0.11629EPSS

Exploits1References2Affected Software1

Cvelist•added 2022/07/25 2:5 p.m.•11 views

CVE-2020-28446 Command Injection

The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js...

9.8CVSS9.8AI score0.11629EPSS

Exploits1References2

CNNVD•added 2022/07/25 12:0 a.m.•1 views

tesseract 命令注入漏洞

tesseract is an open source OCR Optical Character Recognition engine. A security vulnerability exists in tesseract, which stems from a command injection attack injection point in the tesseract.js file...

9.8CVSS8.3AI score0.11629EPSS

Exploits1References3

Github Security Blog•added 2019/06/05 8:48 p.m.•16 views

Insecure Default Configuration in tesseract.js

Versions of tesseract.js prior to 1.0.19 default to using a third-party proxy. Requests may be proxied through crossorigin.me which clearly states is not suitable for production use. This may lead to instability and privacy violations. Recommendation Upgrade to version 1.0.19 or later...

Exploits0References5Affected Software1

OSV•added 2019/06/05 8:48 p.m.•14 views

GHSA-83RX-C8CR-6J8Q Insecure Default Configuration in tesseract.js

Versions of tesseract.js prior to 1.0.19 default to using a third-party proxy. Requests may be proxied through crossorigin.me which clearly states is not suitable for production use. This may lead to instability and privacy violations. Recommendation Upgrade to version 1.0.19 or later...

5.9CVSS7.1AI score

Exploits0References4

Veracode•added 2019/04/02 5:57 a.m.•8 views

Insecure Default Configuration

tesseract.js is vulnerable to insecure default configuration attacks. The vulnerability exists through the default use of the crossorigin.me proxy which allows the potentially unsafe proxy to obtain sensitive data...

Node.js•added 2019/04/01 8:43 p.m.•11 views

Insecure Default Configuration

Overview Versions of tesseract.js prior to 1.0.19 default to using a third-party proxy. Requests may be proxied through crossorigin.me which clearly states is not suitable for production use. This may lead to instability and privacy violations. Recommendation Upgrade to version 1.0.19 or later...

Exploits0Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by