Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (1664 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4136 3 Phusion, Redhat, Ruby-lang 3 Passenger, Openshift, Ruby 2024-08-06 N/A
ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.
CVE-2013-4116 1 Node Packaged Modules Project 1 Node Packaged Modules 2024-08-06 N/A
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.
CVE-2024-41265 1 Linuxfoundation 1 Cortex 2024-08-02 7.5 High
A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function.
CVE-2024-41253 1 Goframe 1 Goframe 2024-08-01 7.1 High
goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to execute a man-in-the-middle attack via the gclient component.