CVEs Published
CWE 4.14 is available
2024-03-01
MITRE has released version 4.14 of the Common Weakness Enumeration (CWE) with a new weakness for "Hardware Micro Architectures", a view for "ISA/IEC 62443 Requirements", and new demonstrative examples from "HACK@DAC". Changes in 4.14 New Weaknesses: CWE-1420: Exposure of Sensitive Information du...
What's new in SecDB 24.2
2024-02-29
This new version of SecDB brings new features and improvements. Polished UI, improved support for EPSS, Web & Social references (from Reddit and Mastodon) in CVEs, new Security Advisories and sections (NASL & NVT and Packages), and much more. Improved the EPSS (Exploit Prediction Scoring System) s...
What's new in SecDB 22.11 - EPSS, Packages & Software, new Security Advisory feeds... and more!
2022-11-30
Notable changes in SecDB: Introduced the Exploit Prediction Scoring System (EPSS). Added the Exploit Prediction Scoring System (EPSS) score in all tables and CVE pages. The Exploit Prediction Scoring System (EPSS) is an open, data-driven effort for estimating the likelihood (probability) that a sof...
- 2022 CWE Top 25 Most Dangerous Software Weaknesses (2022-06-28)
- CISA Adds 34 Known Exploited Vulnerabilities to Catalog (2022-05-25)
- CISA Adds 20 Known Exploited Vulnerabilities to Catalog (2022-05-24)
- CSIRT Publish 71 known vulnerabilities based on evidence of active exploitation (2022-05-12)
- Nmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228) (2021-12-13)
MAVEN:GHSA-2HJR-VMF3-XWVP
2024-07-26 moderate
Elasticsearch Insertion of Sensitive Information into Log File
FREEBSD:3E917407-4B3F-11EF-8E49-001999F8D30B
2024-07-26
Mailpit -- Content Security Policy XSS
MAVEN:GHSA-7726-43HG-M23V
2024-07-25 high
OpenAM FreeMarker template injection
MAVEN:GHSA-P528-3MVF-GR87
2024-07-25 critical
Remote code execution in Spring Cloud Data Flow
SSA:2024-206-02
2024-07-25
libxml2
SSA:2024-206-01
2024-07-25 medium
htdig
DSA-5734-1
2024-07-25 high
bind9
ELSA-2024-4861
2024-07-25 moderate
squid security update
RHSA-2024:4861
2024-07-25 moderate
squid security update
ALSA-2024:4861
2024-07-25 moderate
squid security update
CVE-2024-0519
2024-01-16 CVSS3 8.8 CWE-125 CWE-787
Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially expl...
CVE-2023-50782
2024-02-05 CVSS3 7.5 CWE-203 CWE-208
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages...
CVE-2024-37034
2024-07-26
An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are...
CVE-2024-40433
2024-07-26
Insecure Permissions vulnerability in Tencent wechat v.8.0.37 allows an attacker to escalate privileges via the web-view...
CVE-2024-41120
2024-07-26 CVSS3 9.8 CWE-20
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb...
CVE-2024-41628
2024-07-26
Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and ...
CVE-2024-41815
2024-07-26 CVSS3 7.4 CWE-77
Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable ...
CVE-2024-41115
2024-07-26 CVSS3 9.8 CWE-20
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb...
CVE-2024-41116
2024-07-26 CVSS3 9.8 CWE-20
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb...
CVE-2024-41117
2024-07-26 CVSS3 9.8 CWE-20
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb...