CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2754 matches found

IBM Security Bulletins•added 2024/07/18 10:37 a.m.•50 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution

Summary Salesforce tough-cookie is used by IBM App Connect Enterprise Certified Container for handling cookies. IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in...

9.8CVSS8.3AI score0.02139EPSS

Exploits2Affected Software1

OSV•added 2024/07/15 10:4 p.m.•8 views

CGA-Q5CF-973W-VVM9

Bulletin has no description...

9.8CVSS8.4AI score0.01952EPSS

Exploits0

OSV•added 2024/07/15 10:3 p.m.•12 views

CGA-P68W-CM49-2VR4

Bulletin has no description...

5.5CVSS6.3AI score0.00446EPSS

Exploits0

OSV•added 2024/07/15 9:54 p.m.•8 views

CGA-8R26-2374-XP5J

Bulletin has no description...

5.5CVSS6.3AI score0.00446EPSS

Exploits0

OSV•added 2024/07/15 9:53 p.m.•9 views

CGA-5GJX-8HCR-V9R6

Bulletin has no description...

9.8CVSS8.4AI score0.01952EPSS

Exploits0

Openbugbounty•added 2024/07/11 7:14 a.m.•4 views

rebeltec.eu Cross Site Scripting vulnerability OBB-3943762

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score

Exploits0

Rosalinux•added 2024/07/09 12:38 p.m.•20 views

Advisory ROSA-SA-2024-2447

software: cairo 1.16.0 WASP: ROSA-CHROME packageevrstring: cairo-1.16.0-5 CVE-ID: CVE-2019-6461 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is an assertion problem in the cairoarcindirection function in the cairo-arc.c file. CVE-STATUS: Fixed CVE-REV: To close, run the command: sudo dnf update...

6.5CVSS6.8AI score0.02142EPSS

Exploits1

Cvelist•added 2024/07/02 7:50 p.m.•23 views

CVE-2024-38537 Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js

Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...

0.01427EPSS

Exploits0References5

OSV•added 2024/06/28 2:15 p.m.•1 views

DEBIAN-CVE-2024-29038

tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7...

3.3CVSS6.5AI score0.0037EPSS

Exploits1References1

Hacker One•added 2024/06/27 3:45 p.m.•9 views

GitHub: SAML Signature verification bypass allows logging into any user (with specific conditions)

The vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response and gain unauthorized access to the instance, including site administrator privileges, by exploiting a signature verification bypass. The vulnerability affected all versions of...

9.8CVSS6.8AI score0.01527EPSS

Exploits0

NVD•added 2024/06/20 11:15 a.m.•40 views

CVE-2022-48711

In the Linux kernel, the following vulnerability has been resolved: tipc: improve size validations for received domain records The function tipcmonrcv allows a node to receive and process domainrecord structs from peer nodes to track their views of the network topology. This patch verifies that t...

5.5CVSS0.00236EPSS

Exploits0References8

OSV•added 2024/06/19 8:15 p.m.•0 views

UBUNTU-CVE-2024-38357

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has bee...

6.1CVSS6.7AI score0.00529EPSS

Exploits0References8

OSV•added 2024/06/19 8:15 p.m.•0 views

UBUNTU-CVE-2024-38356

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditableregexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from t...

6.1CVSS7.1AI score0.00529EPSS

Exploits0References8

NVD•added 2024/06/12 3:15 p.m.•10 views

CVE-2024-31217

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause ...

6.5CVSS0.00736EPSS

Exploits1References2

Openbugbounty•added 2024/06/10 2:33 a.m.•5 views

aparici.com Cross Site Scripting vulnerability OBB-3934349

6.2AI score

Exploits0

OSV•added 2024/06/07 3:3 p.m.•7 views

CGA-MFC3-CQ9Q-528V

Bulletin has no description...

5.5CVSS6.3AI score0.00446EPSS

Exploits0

OSV•added 2024/06/06 7:4 p.m.•19 views

GHSA-3CQF-953P-H5CP Argo-cd authenticated users can enumerate clusters by name

Impact It’s possible for authenticated users to enumerate clusters by name by inspecting error messages: $ curl -k 'https://localhost:8080/api/v1/clusters/in-cluster?id.type=name' -H "Authorization: Bearer $token" "error":"permission denied: clusters, get, , sub: alice, iat:...

4.3CVSS4.3AI score0.00408EPSS

Exploits0References4