Lucene search: 2183 matches found

Source: Positive Technologies | added 2022/10/02 12:00 a.m.

PT-2022-6920

Name of the vulnerable software and affected versions: FasterXML jackson-databind versions 2.4.0-rc1 before 2.12.7.1; FasterXML jackson-databind versions 2.13.x before 2.13.4.1; Bamboo Data Center and Server versions 9.1.0 through 9.2.4; Bamboo Data Center and Server versions 9.3.0 through 9.3.2...

CVSS 7.8 | AI score 6.5 | EPSS 0.02824 | Exploits: 2 | References: 71

Source: Debian CVE | added 2022/10/02 12:00 a.m.

CVE-2022-42003

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.7.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled...

CVSS 7.5 | AI score 7 | EPSS 0.02824 | Exploits: 2

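
The jackson-databind entry above turns on a missing bound: with UNWRAP_SINGLE_VALUE_ARRAYS enabled, every extra `[` around a primitive costs the deserializer another recursive call, so a document of nested single-element arrays exhausts the stack before any value is produced. The Python below is an added illustration of the two guards such a deserializer needs; it is not jackson-databind's code or its fix. It does a one-pass nesting-depth pre-check on the raw text (ignoring brackets inside string literals, so `"[[["` is not counted) and then unwraps single-value arrays iteratively with a counter instead of recursing. `MAX_NESTING_DEPTH` is an assumed policy value, and `wrapped_primitive` only generates constructed sample input.

```python
"""Bounded-nesting guards for JSON input. Added illustration; not jackson-databind code."""
import json

MAX_NESTING_DEPTH = 1000  # assumption: policy limit, chosen to stay under the parser's stack budget


class NestingTooDeep(ValueError):
    """Raised when a document nests arrays/objects deeper than the configured limit."""


def max_json_nesting(text: str) -> int:
    """Deepest array/object nesting in a JSON document, measured in one pass over the text.

    Tracks string state so that brackets inside string literals (e.g. "[[[")
    are not counted. This is a structural pre-check, not a JSON validator.
    """
    depth = deepest = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
            continue
        if ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            deepest = max(deepest, depth)
        elif ch in "]}":
            depth = max(depth - 1, 0)
    return deepest


def safe_loads(text: str, limit: int = MAX_NESTING_DEPTH):
    """Parse JSON only after confirming its nesting depth is within the limit."""
    depth = max_json_nesting(text)
    if depth > limit:
        raise NestingTooDeep(f"nesting depth {depth} exceeds limit {limit}")
    return json.loads(text)


def unwrap_single_value_arrays(value, limit: int = MAX_NESTING_DEPTH):
    """Peel single-element arrays around a value, as an unwrap-single-value feature
    does, but iteratively and with a cap instead of unbounded recursion."""
    peeled = 0
    while isinstance(value, list) and len(value) == 1:
        peeled += 1
        if peeled > limit:
            raise NestingTooDeep(f"more than {limit} wrapper arrays")
        value = value[0]
    return value


def wrapped_primitive(literal: str, layers: int) -> str:
    """Constructed sample: a JSON primitive wrapped in `layers` single-element arrays."""
    return "[" * layers + literal + "]" * layers


if __name__ == "__main__":
    print(unwrap_single_value_arrays(safe_loads(wrapped_primitive("42", 10))))  # 42
    try:
        safe_loads(wrapped_primitive("42", MAX_NESTING_DEPTH + 1))
    except NestingTooDeep as exc:
        print("rejected:", exc)
```

The pre-check runs before any allocation or recursion happens, which is the property that matters: a depth limit enforced inside the recursive descent still pays the stack cost up to the limit, so the limit must be set with the thread's stack size in mind.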
Source: Snyk | added 2022/09/29 1:34 p.m.

Code Injection

Overview: snyk is an advanced tool that scans and monitors projects for security vulnerabilities. Affected versions of this package are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such a...

CVSS 8.8 | AI score 7 | EPSS 0.00718 | Exploits: 2 | References: 2

Source: Cvelist | added 2022/09/28 10:25 p.m.

CVE-2022-31628: phar wrapper can cause DoS when using a quine gzip file

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress gzip "quine" files, resulting in an infinite loop...

CVSS 2.3 | AI score 7.9 | EPSS 0.00565 | Exploits: 0 | References: 8

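
The phar entry above is the compression-loop failure mode in its purest form: a gzip "quine" decompresses to itself, so an uncompressor that keeps peeling layers until it sees non-gzip output never terminates. The Python below is an added illustration (not PHP's phar code or its fix) of a layer-stripping loop with the three guards that make it terminate: a per-layer output cap enforced through zlib's max_length, a cap on the number of layers, and a fixed-point check that recognises a quine after one round. `MAX_LAYERS` and `MAX_OUTPUT` are assumed policy values; `nest_gzip` builds constructed multi-layer samples. No real quine is embedded, so the fixed-point branch is present but not exercised by the samples.

```python
"""Guarded multi-layer gzip unwrapping. Added illustration; not PHP's phar code."""
import gzip
import zlib

MAX_LAYERS = 8                  # assumption: how many nested gzip layers we will strip
MAX_OUTPUT = 64 * 1024 * 1024   # assumption: bytes a single layer may inflate to
GZIP_MAGIC = b"\x1f\x8b"


class UnsafeArchive(ValueError):
    """Raised when input looks like a decompression bomb, a quine, or exceeds a cap."""


def is_gzip(data: bytes) -> bool:
    return data[:2] == GZIP_MAGIC


def decompress_bounded(data: bytes, max_output: int = MAX_OUTPUT) -> bytes:
    """Inflate one gzip layer, refusing to produce more than max_output bytes.

    zlib's max_length argument stops inflation early instead of allocating
    whatever the stream claims, which is what makes the cap enforceable.
    """
    inflater = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)  # gzip framing
    out = inflater.decompress(data, max_output + 1)
    if len(out) > max_output:
        raise UnsafeArchive(f"layer inflates beyond {max_output} bytes")
    if not inflater.eof:
        raise UnsafeArchive("truncated or malformed gzip stream")
    return out


def unwrap_gzip_layers(data: bytes, max_layers: int = MAX_LAYERS,
                       max_output: int = MAX_OUTPUT):
    """Strip nested gzip layers and return (payload, layers_removed).

    Stops at the first non-gzip payload. Raises if more than max_layers are
    present or if a layer decompresses to exactly itself (a gzip quine), which
    an unguarded loop would re-inflate forever.
    """
    current, layers = data, 0
    while is_gzip(current):
        if layers >= max_layers:
            raise UnsafeArchive(f"more than {max_layers} nested gzip layers")
        inner = decompress_bounded(current, max_output)
        if inner == current:
            raise UnsafeArchive("gzip quine: layer decompresses to itself")
        current, layers = inner, layers + 1
    return current, layers


def is_safe_archive(data: bytes, max_layers: int = MAX_LAYERS,
                    max_output: int = MAX_OUTPUT) -> bool:
    """True when the input unwraps within all caps; False on any guard firing."""
    try:
        unwrap_gzip_layers(data, max_layers, max_output)
    except UnsafeArchive:
        return False
    return True


def nest_gzip(payload: bytes, layers: int) -> bytes:
    """Constructed sample: wrap payload in `layers` gzip layers."""
    for _ in range(layers):
        payload = gzip.compress(payload)
    return payload


if __name__ == "__main__":
    print(unwrap_gzip_layers(nest_gzip(b"hello", 3)))          # (b'hello', 3)
    print(is_safe_archive(nest_gzip(b"x", 3), max_layers=2))   # False
```

The fixed-point check is exact equality, which is enough for a true quine; a near-quine that grows by a few bytes each round is caught by the layer cap instead, and one that grows by a lot is caught by the output cap. All three are needed.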
Source: Kitploit | added 2022/09/27 11:30 a.m.

pyFlipper - Unofficial Flipper Zero CLI Wrapper Written in Python

Unofficial Flipper Zero CLI wrapper written in Python. Functions and characteristics: Flipper serial CLI wrapper; WebSocket client interface. Setup instructions:

$ git clone https://github.com/wh00hw/pyFlipper.git
$ cd pyFlipper
$ python3 -m venv venv
$ source venv/bin/activate
$ pip install -r...

AI score 7.3 | Exploits: 0 | References: 1

Source: OSV | added 2022/09/26 5:09 a.m.

MAL-2022-668 Malicious code in @trimoz/trimoz-api-wrapper (npm)

Per-source details: ghsa-malware 9110e2c38a1f92ba467767f3e718d50db805ec76c4de80cbdbbf6e79e28555c7. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7 | Exploits: 0 | References: 1

Source: Veracode | added 2022/09/20 3:19 p.m.

Remote Code Execution

d8sdomains is vulnerable to remote code execution. A potential code-execution backdoor inserted by a third party allows an attacker to upload and execute malicious code on the system under attack through the vulnerable wrapper method...

CVSS 9.8 | AI score 9.6 | EPSS 0.0099 | Exploits: 1 | References: 3 | Affected software: 1

Source: RedHat Linux | added 2022/09/15 8:38 a.m.

Archive_Tar: improper filename sanitization leads to file overwrites

A flaw was found in the Archive_Tar package. PEAR Archive_Tar could allow a local authenticated attacker to bypass security restrictions through a stream-wrapper attack: an attacker can overwrite arbitrary files on the system using a specially-crafted tar archive...

CVSS 7.8 | AI score 5.9 | EPSS 0.84554 | Exploits: 4 | References: 5

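
The Archive_Tar entry above is a stream-wrapper attack on entry names: the name stored inside the archive is handed to the extractor as a destination path, and a name such as `phar://...` or `file://...`, an absolute path, or a `../` sequence makes the write land outside the extraction directory. The Python below is an added illustration of the pre-extraction audit a tar library needs; it is not Archive_Tar's code or its fix. Every entry name is normalised and must be a plain relative path with no scheme prefix, no absolute root and no traversal, and link entries are refused outright. `build_tar` makes constructed sample archives; the rejection policy is an assumption to adapt to the deployment.

```python
"""Entry-name audit for tar archives before extraction. Added illustration; not Archive_Tar code."""
import io
import posixpath
import re
import tarfile

# Anything that looks like a URL scheme: phar://, file://, php://, ftp:// ...
WRAPPER_PREFIX = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*://")
DRIVE_PREFIX = re.compile(r"^[A-Za-z]:")


class UnsafeEntry(ValueError):
    """Raised for an entry whose name would escape the extraction directory."""


def check_entry_name(name: str) -> str:
    """Return a normalised relative path for `name`, or raise UnsafeEntry."""
    if not name or "\x00" in name:
        raise UnsafeEntry("empty or NUL-containing name")
    if WRAPPER_PREFIX.match(name):
        raise UnsafeEntry(f"stream wrapper prefix: {name!r}")
    if name.startswith(("/", "\\")) or DRIVE_PREFIX.match(name):
        raise UnsafeEntry(f"absolute path: {name!r}")
    norm = posixpath.normpath(name.replace("\\", "/"))
    if norm == ".." or norm.startswith("../"):
        raise UnsafeEntry(f"path traversal: {name!r}")
    return norm


def audit_archive(archive: bytes):
    """Return [(entry_name, reason)] for every entry that must not be extracted.

    An empty list means all entries are regular files or directories with safe
    names; the caller should still extract into a fresh directory and re-check
    each resolved destination against it.
    """
    problems = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tf:
        for member in tf.getmembers():
            try:
                if member.issym() or member.islnk():
                    raise UnsafeEntry("link entries are not allowed")
                if not (member.isfile() or member.isdir()):
                    raise UnsafeEntry(f"unsupported entry type {member.type!r}")
                check_entry_name(member.name)
            except UnsafeEntry as exc:
                problems.append((member.name, str(exc)))
    return problems


def build_tar(names) -> bytes:
    """Constructed sample archive: one tiny regular file per name, names stored verbatim."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in names:
            body = b"x"
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tf.addfile(info, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_tar(["docs/readme.txt", "phar://evil.phar/x", "../../etc/passwd"])
    for name, reason in audit_archive(sample):
        print(f"reject {name!r}: {reason}")
```

The scheme check is deliberately broad (any `scheme://`) rather than a list of known PHP wrappers, because the set of registered wrappers depends on the runtime and a denylist is the pattern that produced this class of bug in the first place.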
Source: Huntr | added 2022/09/13 2:52 p.m.

XSS via Mathematical Typesetting

🔒️ Requirements. Feature: Extras, Mathematical Typesetting enabled. User interaction: access the vulnerable page or diagram and wheel-click on a link. 📝 Description. The Mathematical Typesetting feature allows inline content such as AsciiMath or LaTeX. Using it, one can create a tag via \href...

CVSS 5.8 | AI score 0.8 | EPSS 0.00593 | Exploits: 1

Source: ATTACKERKB | added 2022/09/06 6:15 p.m.

CVE-2022-2434

The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site...

CVSS 8.8 | AI score 5.9 | EPSS 0.01207 | Exploits: 0 | References: 5

Source: ATTACKERKB | added 2022/09/06 6:15 p.m.

CVE-2022-2438

The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$logfile' value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a PHAR wrapper that...

CVSS 7.2 | AI score 6 | EPSS 0.01307 | Exploits: 0 | References: 4

Source: ATTACKERKB | added 2022/09/06 6:15 p.m.

CVE-2022-2436

The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file_package_dir' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper tha...

CVSS 8.8 | AI score 6 | EPSS 0.01328 | Exploits: 0 | References: 5

Source: OSV | added 2022/09/06 6:15 p.m.

CVE-2022-2438

The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$logfile' value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a PHAR wrapper that...

CVSS 7.2 | AI score 5.9 | EPSS 0.01307 | Exploits: 0 | References: 3

Source: NVD | added 2022/09/06 6:15 p.m.

CVE-2022-2436

The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file_package_dir' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper tha...

CVSS 8.8 | EPSS 0.01328 | Exploits: 0 | References: 4

Source: NVD | added 2022/09/06 6:15 p.m.

CVE-2022-2442

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the 'path' parameter in versions up to, and including 0.9.74. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper...

CVSS 7.2 | EPSS 0.01329 | Exploits: 0 | References: 5

Source: NVD | added 2022/09/06 6:15 p.m.

CVE-2022-2433

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'alm_repeaters_export' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...

CVSS 8.8 | EPSS 0.0118 | Exploits: 0 | References: 4

Source: OSV | added 2022/09/06 6:15 p.m.

CVE-2022-2436

The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file_package_dir' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper tha...

CVSS 8.8 | AI score 5.9 | EPSS 0.01328 | Exploits: 0 | References: 4

Source: Prion | added 2022/09/06 6:15 p.m.

Deserialization of untrusted data

The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site...

CVSS 6.8 | AI score 8.6 | EPSS 0.01207 | Exploits: 0 | References: 4 | Affected software: 1

Source: Prion | added 2022/09/06 6:15 p.m.

Deserialization of untrusted data

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'alm_repeaters_export' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...

CVSS 6.8 | AI score 8.6 | EPSS 0.0118 | Exploits: 0 | References: 3 | Affected software: 1

Source: Prion | added 2022/09/06 6:15 p.m.

Deserialization of untrusted data

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the 'path' parameter in versions up to, and including 0.9.74. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper...

CVSS 5.8 | AI score 6.8 | EPSS 0.01329 | Exploits: 0 | References: 5 | Affected software: 1

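
The WordPress advisories above (CVE-2022-2434, CVE-2022-2438, CVE-2022-2436, CVE-2022-2442 and CVE-2022-2433) share one mechanism: a user-controlled path reaches a PHP filesystem call, and when that path starts with `phar://` PHP opens the named archive and unserializes the metadata stored in its manifest, which is the deserialization primitive. The attacker only needs to get a PHAR-shaped file onto the host first, typically as an image polyglot that passes an upload filter. In the plugin code the fix is to refuse wrapper prefixes on user-supplied paths (or unregister the phar stream wrapper); on the upload side, the Python below is an added illustration of a scanner that recognises the PHAR layout wherever the stub sits in the file and flags manifests whose metadata contains a serialized object. It is not the plugins' code and not PHP's phar implementation. The layout follows PHP's documented phar format (stub ending in `__HALT_COMPILER();`, then a little-endian manifest with manifest length, file count, API version, flags, alias and metadata, the metadata being serialize() output). `build_phar` produces constructed test vectors with one file entry and no signature; they exercise the scanner and are not claimed to load in PHP.

```python
"""Detect PHAR archives (including image polyglots) carrying serialized-object metadata.
Added illustration; not the plugins' code and not PHP's phar implementation."""
import re
import struct
import zlib

HALT = b"__HALT_COMPILER();"
MANIFEST_LIMIT = 1 << 20                 # PHP refuses manifests larger than 1 MB
HEADER = struct.Struct("<IIHII")         # manifest len, file count, API version, flags, alias len
# PHP serialize() object tokens O:<len>:"Class" / C:<len>:"Class", at start or after ; or {
OBJECT_TOKEN = re.compile(rb'(?:^|[;{])[OC]:\d+:"')


def manifest_offset(data: bytes):
    """Offset of the manifest: just past the stub's __HALT_COMPILER(); plus ' ?>' and a newline.

    The stub is searched for rather than assumed at offset 0, because a polyglot
    prepends a GIF/JPEG/PDF header so that upload filters see an image.
    """
    idx = data.find(HALT)
    if idx < 0:
        return None
    pos = idx + len(HALT)
    if data[pos:pos + 3] == b" ?>":
        pos += 3
    if data[pos:pos + 2] == b"\r\n":
        pos += 2
    elif data[pos:pos + 1] == b"\n":
        pos += 1
    return pos


def parse_phar(data: bytes):
    """Parse the global manifest header; return a dict, or None if not PHAR-shaped."""
    start = manifest_offset(data)
    if start is None or len(data) < start + HEADER.size:
        return None
    manifest_len, nfiles, api, flags, alias_len = HEADER.unpack_from(data, start)
    if manifest_len == 0 or manifest_len > MANIFEST_LIMIT:
        return None
    pos = start + HEADER.size
    alias = data[pos:pos + alias_len]
    pos += alias_len
    if len(data) < pos + 4:
        return None
    (meta_len,) = struct.unpack_from("<I", data, pos)
    pos += 4
    metadata = data[pos:pos + meta_len]
    if len(metadata) != meta_len:
        return None
    return {
        "files": nfiles,
        "api": api,            # raw 16-bit value; PHP stores 1.1.0 as 0x1100
        "flags": flags,
        "alias": alias,
        "metadata": metadata,
        "serialized_object": bool(OBJECT_TOKEN.search(metadata)),
    }


def build_phar(metadata: bytes, prefix: bytes = b"") -> bytes:
    """Constructed sample: a minimal PHAR-shaped blob with one file and the given global
    metadata. No signature is written, so this is a scanner test vector, not an archive
    verified to load in PHP. `prefix` simulates a polyglot header (e.g. b"GIF89a")."""
    stub = prefix + b"<?php __HALT_COMPILER(); ?>\r\n"
    name, content = b"x.txt", b"hello"
    # per-file entry: name len, name, raw size, mtime, stored size, crc32, flags, meta len
    entry = struct.pack("<I", len(name)) + name + struct.pack(
        "<IIIIII", len(content), 0, len(content), zlib.crc32(content), 0, 0
    )
    body = struct.pack("<IHII", 1, 0x1100, 0, 0)  # file count, API 1.1.0, flags, alias len
    body += struct.pack("<I", len(metadata)) + metadata + entry
    return stub + struct.pack("<I", len(body)) + body + content


if __name__ == "__main__":
    hostile = build_phar(b'O:8:"stdClass":1:{s:1:"x";i:1;}', prefix=b"GIF89a")
    print(parse_phar(hostile)["serialized_object"])   # True
    print(parse_phar(b"GIF89a\x01\x00\x01\x00"))      # None
```

Scalar metadata (`a:...`, `s:...`, `i:...`) is left alone because legitimate PHAR tooling uses it; the object token is what turns unserialize into a gadget-chain entry point. The scanner is defence in depth only: the path check in the application is still the fix, since a PHAR does not have to arrive through an upload the scanner sees.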