Lucene search

1834 matches found

Exploit DB
added 2023/04/08 12:0 a.m., 244 views

WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS)

Exploit Title: WebsiteBaker v2.13.3 - Cross-Site Scripting XSS
Application: WebsiteBaker
Version: 2.13.3
Bugs: Stored XSS
Technology: PHP
Vendor URL: https://websitebaker.org/pages/en/home.php
Software Link: https://wiki.websitebaker.org/doku.php/en/downloads
Date of found: 02.04.2023
Author:...

AI score 7.4
Exploits 0

Prion
added 2023/03/28 7:15 p.m., 26 views

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 1.1.4 Build 20211022 rel.591035553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue...

CVSS 5.8, AI score 8.8, EPSS 0.00598
Exploits 0, References 1, Affected Software 1

Amazon
added 2023/03/22 12:0 a.m., 3 views

Medium: protobuf

Issue Overview: A flaw was found in protobuf. The vulnerability occurs due to incorrect parsing of a NULL character in the proto symbol and leads to a Null pointer dereference. This flaw allows an attacker to execute unauthorized code or commands, read memory, modify memory. CVE-2021-22570 Affect...

CVSS 6.5, AI score 6.8, EPSS 0.00138
Exploits 0

Tenable Nessus
added 2023/03/21 12:0 a.m., 35 views

Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2023-064)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-064 advisory. A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes the...

CVSS 7.8, AI score 6.4, EPSS 0.01725
Exploits 2, References 6

CNVD
added 2023/03/13 12:0 a.m., 7 views

Fortinet FortiAnalyzer Command Execution Vulnerability

Fortinet FortiAnalyzer is a centralized network security reporting solution from the U.S. company Fortinet. The product is mainly used to collect network log data and, through its reporting suite, to take the security events, network traffic, Web content, etc. in the logs and analyze, report,...

CVSS 7.3, AI score 7.2, EPSS 0.00333
Exploits 0, References 1

CNVD
added 2023/03/13 12:0 a.m., 23 views

Fortinet FortiWeb OS Command Injection Vulnerability (CNVD-2023-18291)

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. An operating system command injection...

CVSS 8.8, AI score 9.3, EPSS 0.00581
Exploits 0, References 1

NVD
added 2023/03/07 5:15 p.m., 10 views

CVE-2023-25611

An improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows a local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names...

CVSS 7.3, AI score 5.5, EPSS 0.00333
Exploits 0, References 1

OSV
added 2023/03/07 5:15 p.m., 0 views

CVE-2022-40676

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized co...

CVSS 5.4, AI score 5.9
Exploits 0, References 1

NVD
added 2023/03/07 5:15 p.m., 18 views

CVE-2022-40676

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized co...

CVSS 7.5, AI score 7.7, EPSS 0.00558
Exploits 0, References 1

Prion
added 2023/03/07 5:15 p.m., 18 views

Command injection

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows an attacker to execute unauthorized code or commands via specifically crafted HTTP...

CVSS 6.5, AI score 8.8, EPSS 0.00581
Exploits 0, References 1, Affected Software 1

Prion
added 2023/03/07 5:15 p.m., 14 views

Input validation

An improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows a local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names...

CVSS 4.1, AI score 7.3, EPSS 0.00333
Exploits 0, References 1, Affected Software 1

CVE
added 2023/03/07 4:4 p.m., 37 views

CVE-2022-40676

Fortinet FortiNAC is affected by CVE-2022-40676 due to improper neutralization of input during web page generation, enabling cross-site scripting (XSS) via specially crafted HTTP requests. Affected FortiNAC versions include 8.3.7, 8.5.0–8.5.4, 8.6.0–8.6.5, 8.7.0–8.7.6, 8.8.0–8.8.11, 9.1.0–9.1.8, ...

CVSS 7.5, AI score 5.8, EPSS 0.00558
Exploits 0, References 1, Affected Software 1

Cvelist
added 2023/03/07 4:4 p.m., 18 views

CVE-2022-40676

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized co...

CVSS 7.5, AI score 7.9, EPSS 0.00558
Exploits 0, References 1

Vulnrichment
added 2023/03/07 4:4 p.m., 14 views

CVE-2022-40676

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized co...

CVSS 7.5, AI score 7.4, EPSS 0.00558
Exploits 0, References 1

Cvelist
added 2023/03/07 4:4 p.m., 12 views

CVE-2022-39951

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows an attacker to execute unauthorized code or commands via specifically crafted HTTP...

CVSS 7.2, AI score 9.1, EPSS 0.00581
Exploits 0, References 1

CVE
added 2023/03/07 4:4 p.m., 55 views

CVE-2022-39951

FortiWeb is affected by an OS command injection vulnerability (CVE-2022-39951) in Fortinet FortiWeb versions 7.0.0–7.0.2, 6.3.6–6.3.20, and 6.4 all versions. The issue is described as improper neutralization of special elements used in an OS command, enabling an attacker to execute unauthorized c...

CVSS 8.8, AI score 8.9, EPSS 0.00581
Exploits 0, References 1, Affected Software 1

Cvelist
added 2023/03/07 4:4 p.m., 11 views

CVE-2023-25611

An improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows a local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names...

CVSS 4, AI score 7.5, EPSS 0.00333
Exploits 0, References 1

Vulnrichment
added 2023/03/07 4:4 p.m., 11 views

CVE-2023-25611

An improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows a local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names...

CVSS 4, AI score 7.2, EPSS 0.00333
Exploits 0, References 1

Hive Pro Threat Advisories
added 2023/03/06 11:37 a.m., 16 views

Actors, Threats and Vulnerabilities 27 February to 5 March 2023

For a detailed threat digest, download the pdf file here. Summary: HiveForce Labs discovered six actors that have been active in the past week. TA866, APT-C-61, and DEV-0569 are cybercrime groups that focus on financial gain. The other three...

AI score 2.3
Exploits 0

Amazon
added 2023/02/21 12:0 a.m., 31 views

Medium: protobuf

Issue Overview: A flaw was found in protobuf. The vulnerability occurs due to incorrect parsing of a NULL character in the proto symbol and leads to a Null pointer dereference. This flaw allows an attacker to execute unauthorized code or commands, read memory, modify memory. CVE-2021-22570 Affect...

CVSS 6.5, AI score 6.8, EPSS 0.00138
Exploits 0