9.8 CVE-2022-44250
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the...

2022-11-26 03:42:00

9.8 CVE-2022-44249
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the...

2022-11-26 03:41:00

9.8 CVE-2022-44139
Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php.

2022-11-26 03:40:00

5.4 CVE-2022-45151
The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization...

2022-11-26 03:40:00

6.1 CVE-2022-45150
A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient...

2022-11-26 03:40:00

5.4 CVE-2022-45149
A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request...

2022-11-26 03:40:00

9.8 CVE-2022-45462
Alarm instance management has command injection when there is a specific command configured. It is only...

2022-11-26 03:38:00

6.5 CVE-2022-4045
A denial-of-service vulnerability in the Mattermost allows an authenticated user to crash the server...

2022-11-26 03:38:00

7.5 CVE-2021-46854
mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks...

2022-11-26 03:38:00

6.5 CVE-2022-4044
A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via...

2022-11-26 03:36:00

6.5 CVE-2022-4019
A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to...

2022-11-26 03:36:00

5.4 CVE-2022-45472
CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to...

2022-11-26 03:36:00

What is the Sherlock® KB project?

First of all KB for "Knowledge Base". The company ProHacktive is making its database of known vulnerabilities to date available for free. This database combines Nist's CVE database (https://nvd.nist.gov/), the CWE database (https://cwe.mitre.org/) and the CAPEC database (https://capec.mitre.org/).

For what purpose?

ProHacktive's promise is the democratization of the Cybersecurity Audit. For this, it seemed relevant to us to offer our "Knowledge Base" in different languages. Associated with this multilingual database, a clear and concise interface allows you to consult all the CVE ("Common Vulnerabilities and Exposures") present on your network. The Sherlock® service database is updated every hour from the various sources enriching our Sherlock® KB and immediately tested on the devices concerned by the new vulnerability.

Search for vulnerabilities

We also offer a simple search module in the description of each CVE. For the more curious, an advanced search allows you to point precisely to an application, an OS or a hardware. This advanced search is based on the mechanics used in our solution Sherlock®: the permanent Cybersecurity audit accessible financially and technically to all.

Developments?

We will add new languages regularly. A monitoring module will be implemented: you will be able to monitor an application, an OS or a hardware to be alerted of new vulnerabilities concerning it. Subscribe to our mailing list to be alerted when this feature is released (available on search results).