5.5 CVE-2022-40976
A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker...

2022-11-25 13:59:00

7.5 CVE-2022-40152
Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support...

2022-11-25 11:15:00

9.1 CVE-2021-36751
ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does not...

2022-11-25 05:15:00

9.8 CVE-2022-37598
** DISPUTED ** Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2...

2022-11-25 05:15:00

7.5 CVE-2021-20611
Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware...

2022-11-25 03:15:00

7.5 CVE-2021-20610
Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R...

2022-11-25 03:15:00

7.8 CVE-2021-3770
vim is vulnerable to Heap-based Buffer Overflow

2022-11-24 16:15:00

9.8 CVE-2022-0318
Heap-based Buffer Overflow in vim/vim prior to 8.2.

2022-11-24 16:15:00

7.8 CVE-2022-0392
Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.

2022-11-24 16:15:00

7.8 CVE-2022-0629
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

2022-11-24 16:15:00

5.5 CVE-2022-0696
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.

2022-11-24 16:15:00

7.8 CVE-2022-1619
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899....

2022-11-24 16:15:00

What is the Sherlock® KB project?

First of all KB for "Knowledge Base". The company ProHacktive is making its database of known vulnerabilities to date available for free. This database combines Nist's CVE database (https://nvd.nist.gov/), the CWE database (https://cwe.mitre.org/) and the CAPEC database (https://capec.mitre.org/).

For what purpose?

ProHacktive's promise is the democratization of the Cybersecurity Audit. For this, it seemed relevant to us to offer our "Knowledge Base" in different languages. Associated with this multilingual database, a clear and concise interface allows you to consult all the CVE ("Common Vulnerabilities and Exposures") present on your network. The Sherlock® service database is updated every hour from the various sources enriching our Sherlock® KB and immediately tested on the devices concerned by the new vulnerability.

Search for vulnerabilities

We also offer a simple search module in the description of each CVE. For the more curious, an advanced search allows you to point precisely to an application, an OS or a hardware. This advanced search is based on the mechanics used in our solution Sherlock®: the permanent Cybersecurity audit accessible financially and technically to all.

Developments?

We will add new languages regularly. A monitoring module will be implemented: you will be able to monitor an application, an OS or a hardware to be alerted of new vulnerabilities concerning it. Subscribe to our mailing list to be alerted when this feature is released (available on search results).