2754 matches found

Cvelist
added 2023/11/14 8:59 p.m. · 20 views

CVE-2023-47630 Attacker can cause Kyverno user to unintentionally consume insecure image

Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno users fetch their images from. The attacker could then...

CVSS 7.1 · AI score 7.3 · EPSS 0.00261
Exploits: 0 · References: 1
Openbugbounty
added 2023/11/14 1:17 a.m. · 8 views

thomasmuenz.de Improper Access Control vulnerability OBB-3780308

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.9
Exploits: 0
Positive Technologies
added 2023/11/14 12:0 a.m. · 1 views

PT-2023-7370 · Adobe · After Effects

Name of the Vulnerable Software and Affected Versions: Adobe After Effects versions 24.0.2 and earlier; Adobe After Effects versions 23.6 and earlier. Description: The issue is related to an out-of-bounds read vulnerability in Adobe After Effects when parsing a crafted file. This could result in a...

CVSS 7.8 · AI score 7.4 · EPSS 0.00397
Exploits: 0 · References: 5
Positive Technologies
added 2023/11/14 12:0 a.m. · 5 views

PT-2023-6942

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the November 2023 patch. Description: A security-feature bypass vulnerability in Microsoft Windows SmartScreen allows attackers to bypass security measures, potentially leading to the execution of malicious...

CVSS 10 · AI score 7.4 · EPSS 0.88196
Exploits: 2 · References: 205
Openbugbounty
added 2023/11/13 9:3 p.m. · 3 views

fernandobuscaglia.com.ar Improper Access Control vulnerability OBB-3779750

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.9
Exploits: 0
OSV
added 2023/11/13 8:42 p.m. · 2 views

CLSA-2023-1699908139 exim: Fix of CVE-2022-3559

CVE-2022-3559: Fix $regex use-after-free...

CVSS 7.5 · AI score 7.3 · EPSS 0.03661
Exploits: 0 · References: 1
Openbugbounty
added 2023/11/07 6:6 a.m. · 3 views

darrylmappin.com Cross Site Scripting vulnerability OBB-3774447

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
OSV
added 2023/11/06 11:8 p.m. · 6 views

MGASA-2023-0310 Updated libsndfile packages fix a security vulnerability

Add upstream patch to fix CVE-2022-33065...

CVSS 7.8 · AI score 7.5 · EPSS 0.00365
Exploits: 1 · References: 3
Openbugbounty
added 2023/11/03 7:49 p.m. · 6 views

saarmetalgroup.de Improper Access Control vulnerability OBB-3772673

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 7
Exploits: 0
OSV
added 2023/11/03 12:49 p.m. · 9 views

SUSE-SU-2023:4363-1 Security update for poppler

This update for poppler fixes the following issues: - CVE-2022-37052: Fixed a crash that could be triggered when opening a crafted file bsc1214726. - CVE-2023-34872: Fixed a remote denial-of-service in Outline.cc bsc1213888...

CVSS 6.5 · AI score 6 · EPSS 0.00902
Exploits: 2 · References: 5
Openbugbounty
added 2023/10/31 6:18 p.m. · 13 views

froh-werbung.de Improper Access Control vulnerability OBB-3770441

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.9
Exploits: 0
OSV
added 2023/10/31 4:15 p.m. · 0 views

UBUNTU-CVE-2023-46239

quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYPTO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...

CVSS 7.5 · AI score 5.8 · EPSS 0.00765
Exploits: 0 · References: 4
Openbugbounty
added 2023/10/31 12:24 a.m. · 6 views

hireandsupplies.com Improper Access Control vulnerability OBB-3769650

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.9
Exploits: 0
Vulnrichment
added 2023/10/30 11:53 p.m. · 13 views

CVE-2023-46138 JumpServer default admin user email leak password reset

JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...

CVSS 3.7 · AI score 7 · EPSS 0.00316
Exploits: 0 · References: 2
Vulnrichment
added 2023/10/30 11:47 p.m. · 5 views

CVE-2023-46129 xkeys Seal encryption used fixed key for all encryption

NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...

CVSS 7.5 · AI score 7.6 · EPSS 0.00374
Exploits: 0 · References: 4
Prion
added 2023/10/30 7:15 p.m. · 18 views

Unrestricted file upload

BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.2 is vulnerable to unrestricted file upload, where the insertDocument API call does not validate the given file extension before saving the file, and does not remove it in case of validation failures...

CVSS 6.5 · AI score 8.6 · EPSS 0.00538
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2023/10/30 6:18 p.m. · 14 views

CVE-2023-43647 baserCMS Cross-site Scripting vulnerability in File upload Feature

baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue...

CVSS 6.1 · AI score 6.5 · EPSS 0.00509
Exploits: 0 · References: 3
Openbugbounty
added 2023/10/29 5:19 p.m. · 13 views

baumann-gruppe.de Improper Access Control vulnerability OBB-3768129

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.6
Exploits: 0
Openbugbounty
added 2023/10/26 6:47 p.m. · 9 views

dgfkt.de Improper Access Control vulnerability OBB-3766133

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.6
Exploits: 0
Openbugbounty
added 2023/10/26 1:23 p.m. · 9 views

lisd.us Cross Site Scripting vulnerability OBB-3765863

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits: 0