2767 matches found

Prion · added 2023/07/11 7:15 p.m. · 22 views

Hardcoded credentials

Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This...

CVSS 5.8 · AI score 6.6 · EPSS 0.00535
Exploits 0 · References 3 · Affected Software 1
Positive Technologies · added 2023/07/11 12:00 a.m. · 2 views

PT-2023-3915 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Server Subscription Edition affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: The issue is...

CVSS 9 · AI score 8.7 · EPSS 0.43984
Exploits 0 · References 11
OSV · added 2023/07/10 9:54 p.m. · 24 views

GHSA-8C6X-G4FW-8RF4 Whatsapp-Chat-Exporter has Cross-Site Scripting vulnerability in HTML output of chats.

Impact: A Cross-Site Scripting (XSS) vulnerability was found in the HTML output of chats. XSS is intended to be mitigated by Jinja's escape function. However, autoescape=True was missing when setting the environment. Although the actual impact is low, considering the HTML file is being viewed offlin...

CVSS 5.4 · AI score 5.2
Exploits 0 · References 3
NVD · added 2023/07/10 5:15 p.m. · 17 views

CVE-2023-37277

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The REST API allows executing all actions via POST requests and accepts text/plain, multipart/form-data or application/www-form-urlencoded as content types which can be sent via regular HTML...

CVSS 9.6 · AI score 9.6 · EPSS 0.00622
Exploits 0 · References 3
Openbugbounty · added 2023/07/09 5:08 p.m. · 6 views

catavoile29.fr Cross Site Scripting vulnerability OBB-3495451

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits 0
OSV · added 2023/07/06 11:10 a.m. · 13 views

SUSE-SU-2023:2789-1 Security update for bind

This update for bind fixes the following issues: - CVE-2023-2828: Fixed DoS against recursive resolvers related to cache-cleaning algorithm (bsc#1212544)...

CVSS 7.5 · AI score 7.6 · EPSS 0.03776
Exploits 0 · References 3
Positive Technologies · added 2023/06/28 12:00 a.m. · 4 views

PT-2023-17947 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds read in the StoreAdbSerialNumber of protocolmiscbuilder.cpp due to a missing bounds check. This could lead to local information disclosure with System execution...

CVSS 4.4 · AI score 4.2 · EPSS 0.00093
Exploits 0 · References 3
Positive Technologies · added 2023/06/28 12:00 a.m. · 4 views

PT-2023-25061 · H3C · H3C Magic

Name of the Vulnerable Software and Affected Versions: H3C Magic B1STV100R012 version B1STV100R012 Description: A stack overflow in the UpdateWanMode function allows attackers to cause a Denial of Service (DoS) via a crafted POST request to an unspecified API endpoint. Recommendations: For H3C Magi...

CVSS 7.5 · AI score 7.5 · EPSS 0.0071
Exploits 1 · References 4
CBLMariner · added 2023/06/27 8:56 p.m. · 23 views

CVE-2023-32681 affecting package python-requests for versions less than 2.27.1-6

CVE-2023-32681 affecting package python-requests for versions less than 2.27.1-6. A patched version of the package is available...

CVSS 6.1 · AI score 7.2 · EPSS 0.02782
Exploits 1
Openbugbounty · added 2023/06/26 8:49 a.m. · 12 views

opie-benthos.fr Cross Site Scripting vulnerability OBB-3471117

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits 0
Github Security Blog · added 2023/06/15 7:05 p.m. · 16 views

fast-xml-parser regex vulnerability patch could be improved from a safety perspective

Summary: This is a comment on https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-6w63-h3fj-q4vw and the patches fixing it. Details: The code which validates a name calls the validator:...

AI score 7
Exploits 0 · References 4 · Affected Software 1
Vulnrichment · added 2023/06/14 4:58 p.m. · 8 views

CVE-2023-34095 cpdb-libs vulnerable to buffer overflows via scanf

cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends (CPDB) project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use of scanf(3). cpdb-libs uses the fscanf and scanf functions to parse command lines and configuration...

CVSS 9.8 · AI score 9.4 · EPSS 0.01539
Exploits 1 · References 6
Openbugbounty · added 2023/06/13 10:27 a.m. · 22 views

forschung.medunigraz.at Cross Site Scripting vulnerability OBB-3423625

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits 0
Openbugbounty · added 2023/06/11 3:17 p.m. · 8 views

kuwaitpr.com Cross Site Scripting vulnerability OBB-3413434

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits 0
Prion · added 2023/06/08 10:15 p.m. · 17 views

Code injection

TGstation is a toolset to manage production BYOND servers. In affected versions, if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct respon...

CVSS 5 · AI score 5.2 · EPSS 0.0046
Exploits 0 · References 2 · Affected Software 1
Ivanti · added 2023/06/07 7:55 p.m. · 12 views

SA-2023-06-06-CVE-2023-28324

SECURITY ADVISORY 06-06-2023 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for Ivanti Endpoint Manager for all versions of 2022 SU2 and below. Please patch to the latest version of EPM 2022. If you are using 2021.1, please patch to SU4 and apply the hotfix as...

CVSS 9.8 · AI score 7.9 · EPSS 0.11766
Exploits 5
Malwarebytes · added 2023/06/05 5:00 p.m. · 19 views

Play ransomware gang compromises Spanish bank, threatens to leak files

Ransomware is creating additional work for a major Spanish bank. Globalcaja, said to have more than 300 offices in Spain and close to half a million customers, has fallen victim to the Play ransomware gang. The gang claim to have swiped both private and personal information in the attack--includi...

AI score 6.7
Exploits 0
OSV · added 2023/05/30 5:15 a.m. · 3 views

DEBIAN-CVE-2023-32685

Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the contentEditable element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document...

CVSS 5.4 · AI score 5.5 · EPSS 0.00513
Exploits 0 · References 1
CBLMariner · added 2023/05/25 9:38 a.m. · 19 views

CVE-2023-1668 affecting package openvswitch for versions less than 2.17.5-2

CVE-2023-1668 affecting package openvswitch for versions less than 2.17.5-2. A patched version of the package is available...

CVSS 8.2 · AI score 8.3 · EPSS 0.01216
Exploits 0
Malwarebytes · added 2023/05/24 2:45 p.m. · 26 views

Rheinmetall attacked by BlackBasta ransomware

On Friday May 19, 2023, the German arms producer Rheinmetall acknowledged a cyber-incident at one of its subsidiaries in the private sector. The BlackBasta ransomware group has already claimed responsibility for the attack through its leak-site. Entry for Rheinmetall on BlackBasta leak site...

AI score 7
Exploits 0