8.8 CVE-2022-41919
Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect...

2022-11-26 03:35:00

6.5 CVE-2022-37773
An authenticated SQL Injection vulnerability in the statistics page (/statistics/retrieve) of Maarch...

2022-11-26 03:34:00

8.1 CVE-2022-40870
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks....

2022-11-26 03:33:00

5.3 CVE-2022-37774
There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some...

2022-11-26 03:33:00

5.9 CVE-2022-39199
immudb is a database with built-in cryptographic proof and verification. immudb client SDKs use server's...

2022-11-26 03:32:00

7.8 CVE-2022-2791
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted...

2022-11-26 03:32:00

9.8 CVE-2022-4116
A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable...

2022-11-26 03:32:00

7.2 CVE-2022-41943
sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands...

2022-11-26 03:31:00

7.8 CVE-2022-41942
Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command Injection vulnerability...

2022-11-26 03:30:00

5.4 CVE-2022-40228
IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22,...

2022-11-26 03:30:00

5.3 CVE-2022-41952
Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for...

2022-11-26 03:29:00

7.8 CVE-2022-41950
super-xray is the GUI alternative for vulnerability scanning tool xray. In 0.2-beta, a privilege escalation...

2022-11-26 03:29:00

What is the Sherlock® KB project?

First of all KB for "Knowledge Base". The company ProHacktive is making its database of known vulnerabilities to date available for free. This database combines Nist's CVE database (https://nvd.nist.gov/), the CWE database (https://cwe.mitre.org/) and the CAPEC database (https://capec.mitre.org/).

For what purpose?

ProHacktive's promise is the democratization of the Cybersecurity Audit. For this, it seemed relevant to us to offer our "Knowledge Base" in different languages. Associated with this multilingual database, a clear and concise interface allows you to consult all the CVE ("Common Vulnerabilities and Exposures") present on your network. The Sherlock® service database is updated every hour from the various sources enriching our Sherlock® KB and immediately tested on the devices concerned by the new vulnerability.

Search for vulnerabilities

We also offer a simple search module in the description of each CVE. For the more curious, an advanced search allows you to point precisely to an application, an OS or a hardware. This advanced search is based on the mechanics used in our solution Sherlock®: the permanent Cybersecurity audit accessible financially and technically to all.

Developments?

We will add new languages regularly. A monitoring module will be implemented: you will be able to monitor an application, an OS or a hardware to be alerted of new vulnerabilities concerning it. Subscribe to our mailing list to be alerted when this feature is released (available on search results).