Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Cert Security Vulnerabilities

cve
cve

CVE-2022-25799

An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious si...

6.1CVSS

5.9AI Score

0.001EPSS

2022-10-05 12:00 AM
34
6
cve
cve

CVE-2022-40238

A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject arbitrary pickle object as part of a user's profile. This can lead to code execution on the server when the user's profile is accessed.

8.8CVSS

8.9AI Score

0.002EPSS

2022-10-26 04:15 PM
23
2
cve
cve

CVE-2022-40248

An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via form using the "Product Affected" field.

5.4CVSS

5.4AI Score

0.001EPSS

2022-10-10 08:15 PM
23
10
cve
cve

CVE-2022-40257

An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field.

5.4CVSS

5.3AI Score

0.001EPSS

2022-10-10 08:15 PM
19
10