5.3 CVE-2023-33184
Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services...

2023-06-02 18:52:00

6.5 CVE-2023-31187
Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials

2023-06-02 18:46:00

5.3 CVE-2023-31186
Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy

2023-06-02 18:46:00

7.8 CVE-2023-26129
All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization...

2023-06-02 18:45:00

6.1 CVE-2023-32218
Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')...

2023-06-02 18:45:00

4.8 CVE-2023-33194
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input...

2023-06-02 18:43:00

7.5 CVE-2023-31595
IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via unauthenticated port access....

2023-06-02 18:38:00

5.4 CVE-2023-33196
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered...

2023-06-02 18:35:00

7.8 CVE-2023-2480
Missing access permissions checks in M-Files Client before 23.5.12598.0 allows elevation of privilege...

2023-06-02 18:34:00

9.8 CVE-2023-2924
A vulnerability, which was classified as critical, has been found in Supcon SimField up to

2023-06-02 18:30:00

8.8 CVE-2023-2928
A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this...

2023-06-02 18:27:00

6.5 CVE-2023-2926
A vulnerability was found in SeaCMS 11.6 and classified as problematic. This issue affects some unknown...

2023-06-02 18:26:00

What is the Sherlock® KB project?

First of all KB for "Knowledge Base". The company ProHacktive is making its database of known vulnerabilities to date available for free. This database combines Nist's CVE database (https://nvd.nist.gov/), the CWE database (https://cwe.mitre.org/) and the CAPEC database (https://capec.mitre.org/).

For what purpose?

ProHacktive's promise is the democratization of the Cybersecurity Audit. For this, it seemed relevant to us to offer our "Knowledge Base" in different languages. Associated with this multilingual database, a clear and concise interface allows you to consult all the CVE ("Common Vulnerabilities and Exposures") present on your network. The Sherlock® service database is updated every hour from the various sources enriching our Sherlock® KB and immediately tested on the devices concerned by the new vulnerability.

Search for vulnerabilities

We also offer a simple search module in the description of each CVE. For the more curious, an advanced search allows you to point precisely to an application, an OS or a hardware. This advanced search is based on the mechanics used in our solution Sherlock®: the permanent Cybersecurity audit accessible financially and technically to all.


We will add new languages regularly. A monitoring module will be implemented: you will be able to monitor an application, an OS or a hardware to be alerted of new vulnerabilities concerning it. Subscribe to our mailing list to be alerted when this feature is released (available on search results).